SpringBlade
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47458 | Cri | 0.64 | 9.8 | 0.01 | Jan 2, 2024 | An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. | ||
| CVE-2022-27360 | Cri | 0.64 | 9.8 | 0.02 | May 5, 2022 | SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. | ||
| CVE-2020-16165 | Cri | 0.64 | 9.8 | 0.01 | Jul 30, 2020 | The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. | ||
| CVE-2024-33332 | Hig | 0.49 | 7.5 | 0.01 | Apr 30, 2024 | An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. | ||
| CVE-2025-2322 | Hig | 0.48 | 7.3 | 0.01 | Mar 15, 2025 | A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded… | ||
| CVE-2023-40788 | Med | 0.34 | 5.3 | 0.01 | Sep 19, 2023 | SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs |
- risk 0.64cvss 9.8epss 0.01
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.
- risk 0.64cvss 9.8epss 0.02
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
- risk 0.64cvss 9.8epss 0.01
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
- risk 0.49cvss 7.5epss 0.01
An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.
- risk 0.48cvss 7.3epss 0.01
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded…
- risk 0.34cvss 5.3epss 0.01
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs