Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-5334FE07C68A08CD674CE17FBF3AE9A3HistoryJan 31, 2023 - 12:00 a.m.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
2023-01-3100:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
8
sql injection
dromara hutool v5.8.11
arbitrary code
aviator template engine
software
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
57.2%
SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine.
Affected configurations
Node
mavenhutool-allRange≤5.8.11
| CPE | Name | Operator | Version |
|---|---|---|---|
| maven/cn.hutool/hutool-all | le | 5.8.11 |
Related
nvd
nvd
CVE-2023-24163
2023-01-31 16:15:09
cvelist
cvelist
CVE-2023-24163
2023-01-31 00:00:00
osv
osv
Dromara hutool vulnerable to SQL Injection
2023-01-31 18:30:23
CVE-2023-24163
2023-01-31 16:15:09
prion
prion
Sql injection
2023-01-31 16:15:00
cve
cve
CVE-2023-24163
2023-01-31 16:15:09
github
github
Dromara hutool vulnerable to SQL Injection
2023-01-31 18:30:23
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
57.2%
Related for GITLAB-5334FE07C68A08CD674CE17FBF3AE9A3