CVE-2021-31649
JFinal Java Deserialization Vulnerability
EPSS 0.40%
Description
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis which can lead to remote code execution
How to fix CVE-2021-31649
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Maven/com.jfinal:jfinal—no fix listed
Is CVE-2021-31649 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 4.9.08