Maven package
org.jeecgframework.boot/jeecg-boot-base-core
pkg:maven/org.jeecgframework.boot/jeecg-boot-base-core
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-51825 | — | | | >= 3.4.3, < 3.8.1 | 3.8.1 | Aug 22, 2025 | JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions. |
| CVE-2022-47105 | — | | | <= 3.4.4 | — | Jan 19, 2023 | Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. |
| CVE-2021-44585 | — | | | < 3.1.0 | 3.1.0 | Mar 10, 2022 | A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. |
| CVE-2022-22881 | — | | | <= 3.0 | — | Feb 16, 2022 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. |
| CVE-2022-22880 | — | | | <= 3.0 | — | Feb 16, 2022 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. |
| CVE-2021-46089 | — | | | <= 3.0 | — | Jan 25, 2022 | In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. |