-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.jfinal:jfinal | maven | <= 4.9.08 |
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability stems from improper handling of user input in template processing functions. JFinal's template engine evaluates expressions during rendering, and the advisory explicitly identifies the 'template function' as the attack vector. The Engine.getTemplate method is the entry point for template processing, and Template.render executes the logic. Together they form the chain for SSTI exploitation when user input isn't properly sanitized, consistent with CWE-94 code injection patterns in template engines.
Ongoing coverage of React2Shell