Maven package
org.jeecgframework.boot/jeecg-boot-base
pkg:maven/org.jeecgframework.boot/jeecg-boot-base
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37306 | — | | | <= 2.4.5 | — | Feb 3, 2023 | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin. |
| CVE-2021-37305 | — | | | <= 2.4.5 | — | Feb 3, 2023 | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. |
| CVE-2021-37304 | — | | | <= 2.4.5 | — | Feb 3, 2023 | An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. |
| CVE-2021-44585 | — | | | < 3.1.0 | 3.1.0 | Mar 10, 2022 | A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. |
| CVE-2022-22881 | — | | | <= 3.0 | — | Feb 16, 2022 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. |
| CVE-2022-22880 | — | | | <= 3.0 | — | Feb 16, 2022 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. |
| CVE-2021-46089 | — | | | <= 3.0 | — | Jan 25, 2022 | In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. |