[MAVEN:GHSA-23XF-5535-62V5] jeecg-boot vulnerable to SQL injection

Severity Critical
Affected Packages 1
CVEs 1

jeecg-boot 3.5.0 is vulnerable to SQL injection through functionality in the file SysDictMapper.java of the component Sleep Command Handler. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Package: pkg:maven/org.jeecgframework.boot/jeecg-boot-parent
Affected Version: <= 3.5.0
ID: MAVEN:GHSA-23XF-5535-62V5
Severity: critical
URL: https://github.com/advisories/GHSA-23xf-5535-62v5
Published: 2023-03-31T00:30:18 (17 months ago)
Modified: 2023-04-15T05:08:10 (17 months ago)
Rights: Maven Security Team
Type: Affected
Package URL: pkg:maven/org.jeecgframework.boot/jeecg-boot-parent
Namespace: org.jeecgframework.boot
Name / Product: jeecg-boot-parent
Version: <= 3.5.0