An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the «localPath» variable.