CVE-2021-31649

Description

In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis which can lead to remote code execution

Affected packages (1)

• Maven/com.jfinal:jfinalfrom 0, <= 4.9.08

References (3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-31649
• WEBhttp://note.youdao.com/noteshare?id=787ccbb8345dbd4a905aebe35f1d8aa8&sub=6C5C072C901949429EFD978405212FA4
• WEBhttps://github.com/jfinal/jfinal/issues/184