CVE-2020-20948
First published: Mon Dec 27 2021(Updated: )
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jeecg Jeecg | =3.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this arbitrary file download vulnerability?
The vulnerability ID of this arbitrary file download vulnerability is CVE-2020-20948.
What is the title of this vulnerability?
The title of this vulnerability is "An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the 'localPath' variable."
What is the affected software version of this vulnerability?
The affected software version of this vulnerability is jeecg v3.8.
How severe is this vulnerability?
This vulnerability is rated as high severity with a CVSS score of 7.5.
How can the attackers exploit this vulnerability?
Attackers can exploit this vulnerability by modifying the 'localPath' variable to gain unauthorized access to sensitive files.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/jeecg
- canonical/jeecg jeecg
- version/jeecg jeecg/3.8