{"id":"CVE-2024-53477","details":"JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java","modified":"2026-04-12T09:58:17.287184Z","published":"2024-12-02T21:15:11.217Z","references":[{"type":"ADVISORY","url":"https://github.com/jflyfox/jfinal_cms/releases/tag/v5.1.0"},{"type":"REPORT","url":"https://gist.github.com/kaoniniang2/c2deceea281fcd0aec5a8165183be3c1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jflyfox/jfinal_cms","events":[{"introduced":"0"},{"last_affected":"f128a0d28bdaa80e6d38ff08c1b4fdc402eeed1e"},{"fixed":"f128a0d28bdaa80e6d38ff08c1b4fdc402eeed1e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.1.0"}]}}],"versions":["4.7.1","v1.1","v1.2","v1.3","v1.4","v1.4.1","v1.4.2","v2.0.0","v2.1.0","v2.1.1","v2.3.0","v2.4.0","v2.5.0","v2.6.0","v2.7.0","v2.8.0","v2.9.0","v2.9.1","v2.9.2","v3.0.0","v3.1.0","v4.0.0","v4.1.1","v4.1.2","v4.1.3","v4.1.4","v4.1.5","v4.2.0","v4.3.0","v4.4.0","v4.5.0","v4.6.0","v4.7.0","v4.7.1","v5.0.0","v5.0.1","v5.1.0"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/jflyfox/jfinal_cms/commit/f128a0d28bdaa80e6d38ff08c1b4fdc402eeed1e","signature_type":"Function","signature_version":"v1","target":{"file":"src/main/java/com/jflyfox/component/config/BaseConfig.java","function":"afterJFinalStart"},"deprecated":false,"id":"CVE-2024-53477-83ad0ab5","digest":{"length":1025,"function_hash":"260915234651845804773798128464105922627"}},{"source":"https://github.com/jflyfox/jfinal_cms/commit/f128a0d28bdaa80e6d38ff08c1b4fdc402eeed1e","signature_type":"Line","signature_version":"v1","target":{"file":"src/main/java/com/jflyfox/component/config/BaseConfig.java"},"deprecated":false,"id":"CVE-2024-53477-96e4d3f5","digest":{"line_hashes":["235455787691315592555926611709698309144","259532272798952886012350042061124856415","195791439543647750731097862913562304738","19524780285807012452392244391192780954","218202365047819611457155518004478560974","106225494551987839521886456774615232490","117502833115724083040685510513809034268","113899541292869429809872413427044912322","283146270430101967328766320135359156475","9892673283024704479932284401997903409","13795112843697361100295626284925840893","331825597536179613683845672376983747777","910229237920286283578498650726160044","116510182994214669744657374822704852775","171142970681678159095959876989587830212","96162759862500388785671483469774033227","20719820782827795500697769122688990332","156190175961231115950576995052009169115","8368421417191644435668531317728004396","209466526759669284660322289234458119776","253862566506763609442801173516721270750","271205676214657389202942759274084253310","271652454222183040213621610397263985513","27454250813001967436771351967813306361","143678557955471502600999618099107520888","73475477444788520644070451585646286930","205048388106304912189173815852089302302","109522316293577001866018845710114154524","294253641954380650100084383991347020175","201060250923127770420929090241397313609","45129385885747427470999596271069010896","304992949726532496743579373282801017397","189686493251016442553015342850960798506","208996641824911480831266057201388028169","119550014601260874566179006429720431978","201981241964060565309195208902925617777","291049224983750532321810189493768547398","261309263424682166218566309176897755961","35064705152614929518500122158675328436","153118420093200210028914963696050397424","259871911994180889522434294663052081713","257706968364784841090449100604570077383","187210764605130718823047934827127190761","102842569319995543019477053923335002269","249270696214365313119337723052724788531","99505649006624619378585555549496594493","3496171236356849342544060596563387582","139657538782301755229094069446994452039","248325617859152826369687741472230505121","102883938736163711018224926584434115518","34879436567731238702980440017650249216","31265315976688630949000443702787807654","83468710797124077511367651070779016098","149655980950245386476865179777050305776","61154859236827723147059221256878034709","223499882360633704311204454610422061264","213351277642903969679292570605707727300","256350374868922642973654626259009356382","271812829337091352313343279475720805083","16642969012583802588942750746984555445","38753041569499433009661192364919517719","60557103022252795073639281268869798171","288455301236576296988378709076471948380","171049973861623989375728743739243796959","243370605828008019646966153528330083087","226418554564656931534191407232756215182","270112133342904421488204180232152921090","83465642540789421863097807623968951142","209302593594158066204612451131451896485","246887531533725325740557411029401517258","157510826387218853112609523751418023988","98404048497613354033469372993694247314","197355529410868288350422337778654349722","109770299556938373673437072832881760316","142682121929933891417702984801746002545","155611007264964242766335885809843896130","196617016862416655013769437111650562504","62621992546685813823780078919905664164","202444222550604848177571671071147090495","327593051356223953410401173075658367708","89614850335244958179025379710514430563","97046082279637681971798764735547766792","69452838166347062204279980181517873268","324256325469233876994950500004669307496","114931610618745132477959611068951552230","63888520653554391002549485696643310119","133760881453226332674300915652749641365","84978204349628563632633503988636614314","7292245263240901002056446855818422958","308793074088633017178190663162061798243","41138395291080810506979561929735148682","104377314591537873116269644609896974486","19575669767351865733423922515726801768","225788576626061857955323644220168144983","250459788301465116561471536763655256340","201479845916101188721681457605683187612","255585384310697744602737186203460248929","338519508862874655434357818087803226764","214553364604925892356011252450877183332","171312547692662833468114572321108585546","156542834216827935756119615967258102160","74414624345512733999772778172839139344","41052343756758524077129361364041367029","282459100042872446421379717715143335394","202949654225753318211476459434435462109","22805405453895021891462680672570010832","14819617196323313735246774416272809629","223063704006961611406183488008088519496","226142191633368805954397012056827923688","232332116341077663414872778390563700916","133700235924975689612681397222091978746","187563486687154374673301459098105853590","258725380556783052642971720019016153677","240238841152483732442633044948433510132","208936663808377601419959094196825119939","241394569906361106739132313234063648778"],"threshold":0.9}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53477.json","vanir_signatures_modified":"2026-04-12T09:58:17Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}