MyBatis-Plus below 3.5.3.1 is vulnerable to SQL injection via the tenant ID value. This may allow remote attackers to execute arbitrary SQL commands.
{
"github_reviewed_at": "2023-04-05T21:13:04Z",
"nvd_published_at": "2023-04-05T14:15:00Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-89"
],
"severity": "CRITICAL"
}