GHSA-62pr-54gv-vg5g

Source
https://github.com/advisories/GHSA-62pr-54gv-vg5g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-62pr-54gv-vg5g/GHSA-62pr-54gv-vg5g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-62pr-54gv-vg5g
Aliases
Published
2023-08-29T15:31:51Z
Modified
2023-11-08T04:13:22.843692Z
Summary
SpringBlade vulnerable to SQL injection
Details

In SpringBlade V3.6.0, when executing a SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.

Database specific
{
    "nvd_published_at": "2023-08-29T13:15:53Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-31T18:33:40Z"
}
References

Affected packages

Maven / org.springblade:blade-core-tool

Package

Name
org.springblade:blade-core-tool
Purl
pkg:maven/org.springblade/blade-core-tool

Affected ranges

Affected versions

3.*

3.6.0