rpm package
opensuse/mybatis&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/mybatis&distro=openSUSE%20Leap%2015.6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-53192 | — | < 3.5.19-150200.5.9.1 | 3.5.19-150200.5.9.1 | Aug 18, 2025 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression | ||
| CVE-2024-1313 | Med | 6.5 | < 3.5.6-150200.5.6.1 | 3.5.6-150200.5.6.1 | Mar 26, 2024 | It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the per | |
| CVE-2023-6152 | — | < 3.5.6-150200.5.6.1 | 3.5.6-150200.5.6.1 | Feb 13, 2024 | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up. |
- CVE-2025-53192Aug 18, 2025affected < 3.5.19-150200.5.9.1fixed 3.5.19-150200.5.9.1
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression
- affected < 3.5.6-150200.5.6.1fixed 3.5.6-150200.5.6.1
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the per
- CVE-2023-6152Feb 13, 2024affected < 3.5.6-150200.5.6.1fixed 3.5.6-150200.5.6.1
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.