GHSA-23xf-5535-62v5

Source

https://github.com/advisories/GHSA-23xf-5535-62v5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-23xf-5535-62v5/GHSA-23xf-5535-62v5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-23xf-5535-62v5

Aliases

CVE-2023-1741

Published

2023-03-31T00:30:18Z

Modified

2023-11-08T04:11:19.079608Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

jeecg-boot vulnerable to SQL injection

Details

jeecg-boot 3.5.0 is vulnerable to SQL injection from functionality of the file SysDictMapper.java of the component Sleep Command Handler. The attack can be launched remotely and the exploit has been disclosed to the public and may be used.

Database specific

{
    "nvd_published_at": "2023-03-30T22:15:00Z",
    "github_reviewed_at": "2023-04-07T22:09:37Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL"
}

References

Affected packages

Maven / org.jeecgframework.boot:jeecg-boot-parent

Package

Name: org.jeecgframework.boot:jeecg-boot-parent; View open source insights on deps.dev
Purl: pkg:maven/org.jeecgframework.boot/jeecg-boot-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.5.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-23xf-5535-62v5/GHSA-23xf-5535-62v5.json"