GHSA-32qq-m9fh-f74w

Suggest an improvement
Source
https://github.com/advisories/GHSA-32qq-m9fh-f74w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-32qq-m9fh-f74w/GHSA-32qq-m9fh-f74w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-32qq-m9fh-f74w
Aliases
  • CVE-2023-25330
Published
2023-04-05T15:30:24Z
Modified
2024-06-03T18:48:01.615780Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
MyBatis-Plus vulnerable to SQL injection via TenantPlugin
Details

MyBatis-Plus below 3.5.3.1 is vulnerable to SQL injection via the tenant ID value. This may allow remote attackers to execute arbitrary SQL commands.

Database specific
{
    "github_reviewed_at": "2023-04-05T21:13:04Z",
    "nvd_published_at": "2023-04-05T14:15:00Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL"
}
References

Affected packages

Maven / com.baomidou:mybatis-plus

Package

Name
com.baomidou:mybatis-plus
View open source insights on deps.dev
Purl
pkg:maven/com.baomidou/mybatis-plus

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.3.1

Affected versions

1.*
1.0
1.1
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.3.11
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5
2.*
2.0-beta
2.0-rc
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.6-jdk8
2.0.7
2.0.8
2.0.9
2.1-beta
2.1.0
2.1-gamma
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.3
2.3.1
2.3.2
2.3.3
3.*
3.0-alpha
3.0-beta
3.0-RC
3.0-RC1
3.0-RC2
3.0-RC3
3.0-RELEASE
3.0-gamma
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.7.1
3.1.0
3.1.1
3.1.2
3.2.0
3.3.0
3.3.1
3.3.1.tmp
3.3.2
3.4.0
3.4.1
3.4.2
3.4.3
3.4.3.1
3.4.3.2
3.4.3.3
3.4.3.4
3.5.0
3.5.1
3.5.2
3.5.3

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-32qq-m9fh-f74w/GHSA-32qq-m9fh-f74w.json"