org.jeecgframework.boot:jeecg-boot-common@3.4.0 vulnerabilities

latest version

3.7.2

first published

2 years ago

latest version published

1 months ago

licenses detected

Apache-2.0
[3.4.0,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.jeecgframework.boot:jeecg-boot-common package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Path Traversal Affected versions of this package are vulnerable to Path Traversal. A remote privileged attacker can obtain sensitive information by exploiting the file directory structure. How to fix Path Traversal? There is no fixed version for `org.jeecgframework.boot:jeecg-boot-common`.	[0,)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection via the `report/jeecgboot/jmreport/queryFieldBySql` component. An attacker can execute arbitrary code by sending a crafted request. How to fix SQL Injection? Upgrade `org.jeecgframework.boot:jeecg-boot-common` to version 3.5.5 or higher.	[,3.5.5)

Go back to all versions of this package