Maven package
org.jeecgframework.boot/jeecg-boot-common
pkg:maven/org.jeecgframework.boot/jeecg-boot-common
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-57606 | — | | | < 3.7.3 | 3.7.3 | Feb 7, 2025 | SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component. |
| CVE-2023-41544 | — | | | <= 3.5.3 | — | Dec 30, 2023 | SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. |
| CVE-2023-41543 | — | | | <= 3.5.3 | — | Dec 30, 2023 | SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. |
| CVE-2023-41542 | — | | | <= 3.5.3 | — | Dec 30, 2023 | SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. |
| CVE-2023-47467 | — | | | <= 3.6.0 | — | Nov 22, 2023 | Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. |
| CVE-2023-40989 | — | | | < 3.6.0 | 3.6.0 | Sep 22, 2023 | SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. |
| CVE-2023-38992 | — | | | < 3.5.3 | 3.5.3 | Jul 28, 2023 | jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. |
| CVE-2023-1454 | — | | | <= 3.5.0 | — | Mar 17, 2023 | A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclo |