Homepage

com.baomidou:mybatis-plus-core@3.0-RC vulnerabilities

  • latest version

    3.5.9

  • first published

    7 years ago

  • latest version published

    2 months ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the com.baomidou:mybatis-plus-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    SQL Injection

    Affected versions of this package are vulnerable to SQL Injection due to improper user-input sanitization, via the column parameter in /core/conditions/AbstractWrapper.java.

    Impact:

    Based on the PoC, this vulnerability only impacts Confidentiality and the attacker does not have control over what kind of information they are able to access. Projects implementing this module will likely require authorization for running queries.

    Note:

    According to the maintainers, this is not to be considered an issue within the current library but with projects implementing it. Developers should perform sanitization checks when handling input from the front end and can use this class for verification purposes.

    How to fix SQL Injection?

    There is no fixed version for com.baomidou:mybatis-plus-core.

    [0,)
    Go back to all versions of this package