CVE-2023-1454 – org.jeecgframework.boot:jeecg-boot-common
Package
Manager: maven
Name: org.jeecgframework.boot:jeecg-boot-common
Vulnerable Version: >=0 <=3.5.0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.92698 (percentile 0.99741)
Details
jeecg-boot SQL Injection vulnerability
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
Metadata
Created: 2023-03-17T09:30:19Z
Modified: 2023-03-23T19:48:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-j72f-4hgp-3mwc/GHSA-j72f-4hgp-3mwc.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-j72f-4hgp-3mwc
Finding: F297
Auto approve: 1