What is CVE-2023-49442?

CVE-2023-49442 is a vulnerability in N/a. Published 2024-01-03.

Is CVE-2023-49442 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-49442

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.

EPSS: 0.555 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
Co5mos/nuclei-tps
J1ezds/Vulnerability-Wiki-page
Threekiii/Awesome-POC
XiaomingX/awesome-poc-for-red-team
ahisec/nuclei-tps
fkie-cad/nvd-json-data-feeds
tanjiti/sec_

References

lemono.fun/thoughts/JEECG-RCE.html

Frequently asked questions

What is CVE-2023-49442?: CVE-2023-49442 is a vulnerability in N/a. Published 2024-01-03.
Is CVE-2023-49442 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.