GHSA-w559-623p-vfg8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w559-623p-vfg8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w559-623p-vfg8/GHSA-w559-623p-vfg8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w559-623p-vfg8
- Aliases
- Published
- 2022-05-05T00:00:25Z
- Modified
- 2024-02-17T05:33:57.079803Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- MyBatis PageHelper vulnerable to time-blind SQL injection via orderBy parameter
- Details
-
MyBatis PageHelper versions 3.5.x through 5.3.x were discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.
- Database specific
{ "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2022-10-20T18:39:47Z", "cwe_ids": [ "CWE-89" ], "nvd_published_at": "2022-05-04T13:15:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-28111
- https://github.com/pagehelper/Mybatis-PageHelper/issues/674
- https://github.com/pagehelper/Mybatis-PageHelper/commit/554a524af2d2b30d09505516adc412468a84d8fa
- https://github.com/pagehelper/Mybatis-PageHelper
- https://github.com/pagehelper/Mybatis-PageHelper.git
- https://github.com/yangfar/CVE/blob/main/CVE-2022-42227.md
- https://pagehelper.github.io
- https://www.cnblogs.com/secload/articles/16061420.html
Affected packages
Maven / com.github.pagehelper:pagehelper
Package
- Name
- com.github.pagehelper:pagehelper
- View open source insights on deps.dev
- Purl
- pkg:maven/com.github.pagehelper/pagehelper
Affected versions
3.*
3.5.0
3.5.1
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2.0
4.2.1
5.*
5.0.0-beta
5.0.0-rc
5.0.0
5.0.1
5.0.2-beta
5.0.2
5.0.3-beta
5.0.3
5.0.4
5.1.0-beta
5.1.0-beta2
5.1.0
5.1.1
5.1.2-beta
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8
5.1.9
5.1.10
5.1.11
5.2.0
5.2.1
5.3.0