CVE-2023-49442 Information

Description

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.

Reference

https://lemono.fun/thoughts/JEECG-RCE.html