Codermy My-springsecurity-plus

4 matches found

CVE
added 2024/07/12 12:0 a.m., 90 views

CVE-2024-40539

CVE-2024-40539 concerns my-springsecurity-plus prior to v2024.07.03, where a SQL injection is exposed via the dataScope parameter in the /api/user endpoint. The issue is documented across multiple sources indicating the vulnerable component and the attack surface. Public references consistently s...

9.8 CVSS | 8.3 AI score | 0.00456 EPSS
Web
CVE
added 2024/07/12 12:0 a.m., 90 views

CVE-2024-40541

Summary: CVE-2024-40541 affects my-springsecurity-plus prior to v2024.07.03, with a SQL injection vulnerability exposed via the dataScope parameter at the /api/dept/build endpoint. What’s vulnerable: my-springsecurity-plus components handling the dataScope input for that API path. Root cause / im...

9.8 CVSS | 8.3 AI score | 0.00431 EPSS
Web
CVE
added 2024/07/12 12:0 a.m., 80 views

CVE-2024-40540

CVE-2024-40540 affects my-springsecurity-plus prior to version 2024.07.03. The vulnerability is a SQL injection via the dataScope parameter in /api/dept. Reports from Red Hat and other sources confirm the same description across multiple feeds. The CVSS metrics indicate high impact to confidentia...

9.8 CVSS | 8.3 AI score | 0.00456 EPSS
Web
CVE
added 2024/07/12 12:0 a.m., 78 views

CVE-2024-40542

CVE-2024-40542 affects my-springsecurity-plus versions before v2024.07.03. A SQL injection is exposed via the dataScope parameter at /api/role?offset, as documented across NVD/Red Hat/CNNVD entries. Impact is described variably: NVD base score 9.8 (CRITICAL) with full confidentiality, integrity, ...

9.8 CVSS | 8.3 AI score | 0.00381 EPSS
Web