CVE-2023-6307

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6307

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6307.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-6307

Published

2023-11-27T02:15:42.353Z

Modified

2025-11-15T14:59:41.307328Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/jeecgboot/jimureport

Affected ranges

Type: GIT
Repo: https://github.com/jeecgboot/jimureport
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7a9f88e953e85e934a95c519a2683563d6063737

Affected versions

v1.*

v1.5.6

v1.5.9

v1.6.0

v1.6.1