CVE-2024-53477

Source
https://cve.org/CVERecord?id=CVE-2024-53477
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53477.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-53477
Published
2024-12-02T21:15:11.217Z
Modified
2026-04-12T09:58:17.287184Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

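JFinal CMS 5.1.0 is vulnerable to command execution: the deserialization performed in the file ApiForm.java can be triggered without authorization. This record lists no fixed version; 5.1.0 is the last version marked as affected.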

References

Affected packages

Git / github.com/jflyfox/jfinal_cms

Affected ranges

Type
GIT
Repo
https://github.com/jflyfox/jfinal_cms
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.1.0"
        }
    ]
}

Affected versions

4.*
4.7.1
v1.*
v1.1
v1.2
v1.3
v1.4
v1.4.1
v1.4.2
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0
v2.9.1
v2.9.2
v3.*
v3.0.0
v3.1.0
v4.*
v4.0.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.2.0
v4.3.0
v4.4.0
v4.5.0
v4.6.0
v4.7.0
v4.7.1
v5.*
v5.0.0
v5.0.1
v5.1.0

Database specific

vanir_signatures
[
    {
        "target": {
            "function": "afterJFinalStart",
            "file": "src/main/java/com/jflyfox/component/config/BaseConfig.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "function_hash": "260915234651845804773798128464105922627",
            "length": 1025.0
        },
        "id": "CVE-2024-53477-83ad0ab5",
        "signature_type": "Function",
        "source": "https://github.com/jflyfox/jfinal_cms/commit/f128a0d28bdaa80e6d38ff08c1b4fdc402eeed1e"
    },
    {
        "target": {
            "file": "src/main/java/com/jflyfox/component/config/BaseConfig.java"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "235455787691315592555926611709698309144",
                "259532272798952886012350042061124856415",
                "195791439543647750731097862913562304738",
                "19524780285807012452392244391192780954",
                "218202365047819611457155518004478560974",
                "106225494551987839521886456774615232490",
                "117502833115724083040685510513809034268",
                "113899541292869429809872413427044912322",
                "283146270430101967328766320135359156475",
                "9892673283024704479932284401997903409",
                "13795112843697361100295626284925840893",
                "331825597536179613683845672376983747777",
                "910229237920286283578498650726160044",
                "116510182994214669744657374822704852775",
                "171142970681678159095959876989587830212",
                "96162759862500388785671483469774033227",
                "20719820782827795500697769122688990332",
                "156190175961231115950576995052009169115",
                "8368421417191644435668531317728004396",
                "209466526759669284660322289234458119776",
                "253862566506763609442801173516721270750",
                "271205676214657389202942759274084253310",
                "271652454222183040213621610397263985513",
                "27454250813001967436771351967813306361",
                "143678557955471502600999618099107520888",
                "73475477444788520644070451585646286930",
                "205048388106304912189173815852089302302",
                "109522316293577001866018845710114154524",
                "294253641954380650100084383991347020175",
                "201060250923127770420929090241397313609",
                "45129385885747427470999596271069010896",
                "304992949726532496743579373282801017397",
                "189686493251016442553015342850960798506",
                "208996641824911480831266057201388028169",
                "119550014601260874566179006429720431978",
                "201981241964060565309195208902925617777",
                "291049224983750532321810189493768547398",
                "261309263424682166218566309176897755961",
                "35064705152614929518500122158675328436",
                "153118420093200210028914963696050397424",
                "259871911994180889522434294663052081713",
                "257706968364784841090449100604570077383",
                "187210764605130718823047934827127190761",
                "102842569319995543019477053923335002269",
                "249270696214365313119337723052724788531",
                "99505649006624619378585555549496594493",
                "3496171236356849342544060596563387582",
                "139657538782301755229094069446994452039",
                "248325617859152826369687741472230505121",
                "102883938736163711018224926584434115518",
                "34879436567731238702980440017650249216",
                "31265315976688630949000443702787807654",
                "83468710797124077511367651070779016098",
                "149655980950245386476865179777050305776",
                "61154859236827723147059221256878034709",
                "223499882360633704311204454610422061264",
                "213351277642903969679292570605707727300",
                "256350374868922642973654626259009356382",
                "271812829337091352313343279475720805083",
                "16642969012583802588942750746984555445",
                "38753041569499433009661192364919517719",
                "60557103022252795073639281268869798171",
                "288455301236576296988378709076471948380",
                "171049973861623989375728743739243796959",
                "243370605828008019646966153528330083087",
                "226418554564656931534191407232756215182",
                "270112133342904421488204180232152921090",
                "83465642540789421863097807623968951142",
                "209302593594158066204612451131451896485",
                "246887531533725325740557411029401517258",
                "157510826387218853112609523751418023988",
                "98404048497613354033469372993694247314",
                "197355529410868288350422337778654349722",
                "109770299556938373673437072832881760316",
                "142682121929933891417702984801746002545",
                "155611007264964242766335885809843896130",
                "196617016862416655013769437111650562504",
                "62621992546685813823780078919905664164",
                "202444222550604848177571671071147090495",
                "327593051356223953410401173075658367708",
                "89614850335244958179025379710514430563",
                "97046082279637681971798764735547766792",
                "69452838166347062204279980181517873268",
                "324256325469233876994950500004669307496",
                "114931610618745132477959611068951552230",
                "63888520653554391002549485696643310119",
                "133760881453226332674300915652749641365",
                "84978204349628563632633503988636614314",
                "7292245263240901002056446855818422958",
                "308793074088633017178190663162061798243",
                "41138395291080810506979561929735148682",
                "104377314591537873116269644609896974486",
                "19575669767351865733423922515726801768",
                "225788576626061857955323644220168144983",
                "250459788301465116561471536763655256340",
                "201479845916101188721681457605683187612",
                "255585384310697744602737186203460248929",
                "338519508862874655434357818087803226764",
                "214553364604925892356011252450877183332",
                "171312547692662833468114572321108585546",
                "156542834216827935756119615967258102160",
                "74414624345512733999772778172839139344",
                "41052343756758524077129361364041367029",
                "282459100042872446421379717715143335394",
                "202949654225753318211476459434435462109",
                "22805405453895021891462680672570010832",
                "14819617196323313735246774416272809629",
                "223063704006961611406183488008088519496",
                "226142191633368805954397012056827923688",
                "232332116341077663414872778390563700916",
                "133700235924975689612681397222091978746",
                "187563486687154374673301459098105853590",
                "258725380556783052642971720019016153677",
                "240238841152483732442633044948433510132",
                "208936663808377601419959094196825119939",
                "241394569906361106739132313234063648778"
            ]
        },
        "id": "CVE-2024-53477-96e4d3f5",
        "signature_type": "Line",
        "source": "https://github.com/jflyfox/jfinal_cms/commit/f128a0d28bdaa80e6d38ff08c1b4fdc402eeed1e"
    }
]
vanir_signatures_modified
"2026-04-12T09:58:17Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53477.json"