GitHub Advisory Database: GHSA-9V66-9239-CQV2
History: Aug 17, 2023 - 9:30 p.m.

Jeecg-boot SQL Injection vulnerability

2023-08-17 21:30:53
CWE-89
GitHub Advisory Database
github.com
jeecg-boot
sql injection
vulnerability
local attacker
denial of service
benchmark
pg_sleep
dbms_lock.sleep
waitfor
decode
dbms_pipe.receive_message

CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.0004 Low
Percentile: 5.1%

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.

Affected configurations

Vulners
Node
org.eclipse.lyo\lyoMatchparent
