3 matches found
OESA-2023-1997 mybatis security update
The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using a XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object...
CVE-2023-25330
CVE-2023-25330 is a SQL injection vulnerability in the Mybatis Plus extension for MyBatis, exposed when using versions below 3.5.3.1. An attacker could leverage the tenant ID value to execute arbitrary SQL on a vulnerable application. The issue is contingent on misconfigurations in the host appli...
CVE-2023-25330
A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...