117 matches found
Unauthorized Access Vulnerability in SpringBlade of Shanghai Bred Technology Co. Ltd (CNVD-2023-94732)
SpringBlade is a microservices architecture upgraded and optimized from a commercial-grade project. An unauthorized access vulnerability exists in SpringBlade, which can be exploited by an attacker to obtain sensitive information...
CVE-2023-40788
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs...
Design/Logic Flaw
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs...
SpringBlade Security Vulnerability
Bred Network Technology SpringBlade is a suite of microservice development platforms from China's Bred Network Technology. A security vulnerability exists in SpringBlade V3.6.0 and earlier versions, which stems from an incorrect configuration in the default gateway that allows unauthorized...
CVE-2023-40788
SpringBlade 3.6.0 to remediate.
PT-2023-27638 · Unknown · Springblade
Name of the Vulnerable Software and Affected Versions: SpringBlade versions =V3.6.0 Description: The issue is related to Incorrect Access Control due to an incorrect configuration in the default gateway, resulting in unauthorized access to error logs. Recommendations: For SpringBlade versions...
GHSA-62PR-54GV-VG5G SpringBlade vulnerable to SQL injection
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...
org.springblade:blade-core-boot (>=3.0.0 <=3.6.0), org.springblade:blade-core-cloud (>=3.0.0 <=3.6.0) +11 more potentially affected by CVE-2023-40787 via org.springblade:blade-core-tool (>=3.0.0 <=3.6.0)
org.springblade:blade-core-tool MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.5.0, =3.2.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.3.1 Source cves: CVE-2023-40787 Source advisory: OSV:GHSA-62PR-54GV-VG5G...
SpringBlade vulnerable to SQL injection
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...
CVE-2023-40787
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...
Sql injection
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...
CVE-2023-40787
CVE-2023-40787 affects SpringBlade v3.6.0, where user-submitted SQL parameters are not wrapped in quotes during query execution, enabling SQL injection. Red Hat and multiple feeds corroborate the flaw in SpringBlade’s SQL handling, describing it as a lack of proper parameter quoting that could al...
SpringBlade SQL Injection Vulnerability
Breed Network Technology SpringBlade is a microservice development platform from China's Breed Network Technology. A security vulnerability exists in SpringBlade version V3.6.0, which stems from a SQL injection when executing a SQL query, where the parameters submitted by the user are not...
PT-2023-8132 · Unknown · Springblade
Name of the Vulnerable Software and Affected Versions: SpringBlade version 3.6.0 Description: The issue is related to the lack of protection against SQL query structure exploitation, allowing a remote attacker to execute arbitrary SQL queries. Specifically, in SpringBlade, when executing SQL...