CVE-2023-34660

Name of the Vulnerable Software and Affected Versions jjeecg-boot version 3.5.0

Description The issue concerns an unauthorized arbitrary file upload in the /jeecg-boot/jmreport/upload interface. This allows for potential malicious file uploads without proper authorization.

Recommendations For jjeecg-boot version 3.5.0, as a temporary workaround, consider disabling the /jeecg-boot/jmreport/upload interface until a patch is available. Restrict access to this interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.