CVE-2021-31649
First published: Thu Jun 24 2021(Updated: )
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jfinal Jfinal | <=4.9.08 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-31649?
CVE-2021-31649 is a deserialization vulnerability in jfinal versions 4.9.08 and below, which can potentially allow remote code execution.
What software versions are affected by CVE-2021-31649?
Versions up to and including 4.9.08 of jfinal are vulnerable to CVE-2021-31649.
How severe is CVE-2021-31649?
CVE-2021-31649 has a severity rating of 9.8 (Critical).
How can I fix CVE-2021-31649?
To fix CVE-2021-31649, update jfinal to a version higher than 4.9.08.
Where can I find more information about CVE-2021-31649?
You can find more information about CVE-2021-31649 at the following references: [Reference 1](http://note.youdao.com/noteshare?id=787ccbb8345dbd4a905aebe35f1d8aa8&sub=6C5C072C901949429EFD978405212FA4) and [Reference 2](https://note.youdao.com/ynoteshare1/index.html?id=787ccbb8345dbd4a905aebe35f1d8aa8&type=note).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/jfinal
- canonical/jfinal jfinal
- version/jfinal jfinal/4.9.08