CVE-2023-40787 – org.springblade:blade-core-tool
Package
Manager: maven
Name: org.springblade:blade-core-tool
Vulnerable Version: =3.6.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00857 (percentile: 0.74142)
Details
SpringBlade vulnerable to SQL injection. In SpringBlade V3.6.0, when a SQL query is executed, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
Metadata
Created: 2023-08-29T15:31:51Z
Modified: 2023-08-31T18:33:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-62pr-54gv-vg5g/GHSA-62pr-54gv-vg5g.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-62pr-54gv-vg5g
Finding: F106
Auto approve: 1