CVE-2021-37305

Name of the Vulnerable Software and Affected Versions jeecg-boot versions 2.4.5 and earlier

Description The issue allows remote attackers to gain escalated privilege and view sensitive information. This is achieved via the API endpoint "/sys/user/querySysUser" with the username variable set to "admin".

Recommendations For jeecg-boot versions 2.4.5 and earlier, consider restricting access to the "/sys/user/querySysUser" API endpoint until a patch is available. As a temporary workaround, avoid using the username variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.