Chuan001

**Name of the Vulnerable Software and Affected Versions** JeecgBoot version 3.9.1 **Description** A weakness exists in JeecgBoot that allows for deserialization. This issue affects the `importDocumentFromZip` function within the `org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java` file of the Retrieval-Augmented Generation component. The attack can be initiated remotely and is considered highly complex with difficult exploitability. The project maintainers were notified of the issue but have not yet responded. **Recommendations** Versions prior to 3.9.1 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.