3 matches found
CVE-2023-38992
creationtimestamp| type| source ---|---|--- 2023-07-28 18:35:56+00:00| seen| https://t.me/cibsecurity/67377...
org.jeecgframework.boot:jeecg-boot-starter-cloud (>=3.4.0 <=3.5.2), org.jeecgframework.boot:jeecg-boot-starter-lock (>=3.4.0 <=3.5.2) +1 more potentially affected by CVE-2023-38992 via org.jeecgframework.boot:jeecg-boot-common (>=3.4.0 <=3.5.2)
org.jeecgframework.boot:jeecg-boot-common MAVEN version =3.4.0, =3.4.0, =3.4.0, =3.4.0, =3.5.2 Source cves: CVE-2023-38992 Source advisory: OSV:GHSA-WP6C-29R3-JQW9...
CVE-2023-38992
Jeecg-Boot v3.5.1 is affected by a SQL injection vulnerability exposed via the title parameter in the /sys/dict/loadTreeData API. Root cause: insufficient input handling leading to SQL injection (CWE-89). Impact: high-severity access to sensitive data; CVSS v3.1 base score 9.8. Mitigation: apply ...