org.jeecgframework.boot:jeecg-boot-parent@3.5.1 vulnerabilities

  • latest version

    3.5.1

  • first published

    1 year ago

  • latest version published

    1 year ago

  • Direct Vulnerabilities

    Known vulnerabilities in the org.jeecgframework.boot:jeecg-boot-parent package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable versions
    • Medium severity: Directory Traversal

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to Directory Traversal via the /testConnection interface. An attacker can use it to read arbitrary files from the server's filesystem.

    How to fix Directory Traversal?

    There is no fixed version for org.jeecgframework.boot:jeecg-boot-parent. Until one is published, treat the /testConnection interface as exposed and restrict who can reach it.

    Vulnerable versions: [0,)
    • High severity: SQL Injection

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to SQL Injection in the loadTreeData() function of SysDictController, exploitable via the title parameter of the /sys/dict/loadTreeData endpoint.

    How to fix SQL Injection?

    A fix was pushed into the master branch but has not yet been published, so every released version remains in the vulnerable range.

    Vulnerable versions: [0,)
    • Critical severity: Arbitrary File Upload

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to Arbitrary File Upload via the /jeecg-boot/sys/common/upload interface. An attacker who can upload a file of their choosing can achieve arbitrary code execution on the server.

    How to fix Arbitrary File Upload?

    There is no fixed version for org.jeecgframework.boot:jeecg-boot-parent.

    Vulnerable versions: [0,)
    • Medium severity: SQL Injection

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to SQL Injection due to missing user-input sanitization in the queryFilterTableDictInfo method of org.jeecg.modules.api.controller.SystemApiController.

    How to fix SQL Injection?

    There is no fixed version for org.jeecgframework.boot:jeecg-boot-parent.

    Vulnerable versions: [0,)
    • Medium severity: SQL Injection

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to SQL Injection due to unsanitized input passed in the id parameter of the /jeecg-boot/jmreport/show interface. Unlike the other entries on this page, only versions from 3.5.0 onwards are affected.

    How to fix SQL Injection?

    A fix was pushed into the master branch but has not yet been published.

    Vulnerable versions: [3.5.0,)
    • Medium severity: Arbitrary File Upload

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to Arbitrary File Upload via the /jeecg-boot/jmreport/upload interface.

    How to fix Arbitrary File Upload?

    A fix was pushed into the master branch but has not yet been published.

    Vulnerable versions: [0,)
    • Medium severity: Information Exposure

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to Information Exposure via the API Documentation component. Exposed API documentation hands an attacker a map of endpoints and parameters, including the ones named in the other entries on this page.

    How to fix Information Exposure?

    There is no fixed version for org.jeecgframework.boot:jeecg-boot-parent.

    Vulnerable versions: [0,)
    • Medium severity: SQL Injection

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to SQL Injection due to missing user-input sanitization in the SysDictMapper.java file (Sleep Command Handler component).

    How to fix SQL Injection?

    There is no fixed version for org.jeecgframework.boot:jeecg-boot-parent.

    Vulnerable versions: [0,)
    • Medium severity: Information Exposure

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to Information Exposure due to missing user-input sanitization of the apiSelectId parameter in the jmreport/qurestSql file.

    How to fix Information Exposure?

    There is no fixed version for org.jeecgframework.boot:jeecg-boot-parent.

    Vulnerable versions: [0,)
    • High severity: SQL Injection

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to SQL Injection due to missing user-input sanitization in the building block Report (jmreport) component.

    How to fix SQL Injection?

    A fix was pushed into the master branch but has not yet been published.

    Vulnerable versions: [0,)
    • High severity: SQL Injection

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to SQL Injection via the realname argument of the queryUserByDepId function, which is not sanitized. queryUserByDepId passes realname to queryUserByDepCode, which passes it on to queryDepartUserList, where the value is evaluated inside the query whenever realname is neither null nor an empty string. That guard only checks that a value is present; it does nothing to neutralize SQL metacharacters in it.

    How to fix SQL Injection?

    There is no fixed version for org.jeecgframework.boot:jeecg-boot-parent.

    Vulnerable versions: [0,)
    • High severity: SQL Injection

    org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform.

    Affected versions of this package are vulnerable to SQL Injection via the username and admin arguments of the queryDepartUserPageList function, whose contents are evaluated in the query without sanitization.

    How to fix SQL Injection?

    There is no fixed version for org.jeecgframework.boot:jeecg-boot-parent.

    Vulnerable versions: [0,)
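The SQL injection entries above all describe the same shape: a request parameter reaches a MyBatis mapper and is evaluated inside the query once a null/empty guard passes. The following is an added example, not code from jeecg-boot or from Snyk. It scans mapper XML for `${}` string splicing (as opposed to `#{}` bind parameters), reports whether each splice sits under an `<if>` guard that merely checks presence, and then renders a constructed vulnerable statement and its hardened twin against SQLite to show the difference in behaviour. SAMPLE_MAPPER, the statement ids, the sys_user rows and the payload are all constructed for the example; run_statement() is a small stand-in for MyBatis' own rendering, not MyBatis itself.

```python
"""Spot MyBatis ${} string splicing and show why it matters.

Added example, not code from jeecg-boot. MyBatis has two placeholder syntaxes:
#{param} becomes a JDBC bind parameter, while ${param} is pasted into the SQL
text before the statement reaches the database. The SQL injection entries on
this page describe the second shape: a request parameter (realname, username,
admin, title, id, ...) reaches a mapper and is evaluated inside the query once
an <if> guard sees it is non-empty. SAMPLE_MAPPER is constructed to mirror that
description and is not the project's real mapper.
"""
import re
import sqlite3
import xml.etree.ElementTree as ET

SAMPLE_MAPPER = """<mapper namespace="example.HypotheticalUserMapper">
  <!-- constructed: vulnerable, realname is spliced into the SQL text -->
  <select id="queryDepartUserList" resultType="map">
    SELECT id, username, realname FROM sys_user
    WHERE dep_code = #{depCode}
    <if test="realname != null and realname != ''">
      AND realname LIKE '%${realname}%'
    </if>
  </select>
  <!-- constructed: hardened form, realname is a bind parameter
       ('||' concatenation as in SQLite/PostgreSQL) -->
  <select id="queryDepartUserListSafe" resultType="map">
    SELECT id, username, realname FROM sys_user
    WHERE dep_code = #{depCode}
    <if test="realname != null and realname != ''">
      AND realname LIKE '%' || #{realname} || '%'
    </if>
  </select>
  <!-- constructed: ${} on an ORDER BY column, only safe with an allow-list -->
  <select id="listUsersSorted" resultType="map">
    SELECT id FROM sys_user ORDER BY ${column}
  </select>
</mapper>
"""

SPLICE = re.compile(r"\$\{\s*([A-Za-z_][\w.]*)\s*\}")   # ${name}
BIND = re.compile(r"#\{\s*([A-Za-z_][\w.]*)\s*\}")      # #{name}; MyBatis also allows #{name,jdbcType=...}
SQL_TAGS = {"select", "insert", "update", "delete", "sql"}


def find_substitutions(mapper_xml):
    """Return (statement id, parameter, guarded) for every ${} inside SQL text.

    guarded is True when the splice sits under an <if test="..."> naming the
    same parameter: a presence check, not sanitization, exactly the realname case.
    """
    hits = []
    for stmt in ET.fromstring(mapper_xml):      # comments are dropped by the parser
        if stmt.tag not in SQL_TAGS:
            continue
        queue = [(stmt, [])]                    # (element, enclosing <if> tests)
        while queue:
            node, guards = queue.pop(0)
            # node.text plus each child's tail is the SQL text owned by this node
            for text in [node.text or ""] + [c.tail or "" for c in node]:
                for m in SPLICE.finditer(text):
                    name = m.group(1)
                    hits.append((stmt.get("id"), name, any(name in g for g in guards)))
            for child in node:
                extra = [child.get("test", "")] if child.tag == "if" else []
                queue.append((child, guards + extra))
    return hits


def run_statement(mapper_xml, stmt_id, params, conn):
    """Render one statement roughly as MyBatis would and execute it on conn.

    Assumes every <if> guard passes (all referenced params are supplied).
    ${} is spliced verbatim first, then #{} becomes a '?' bind, the order
    MyBatis itself uses.
    """
    stmt = ET.fromstring(mapper_xml).find(f"./*[@id='{stmt_id}']")
    sql = " ".join("".join(stmt.itertext()).split())
    sql = SPLICE.sub(lambda m: str(params[m.group(1)]), sql)
    binds = []
    sql = BIND.sub(lambda m: binds.append(params[m.group(1)]) or "?", sql)
    return conn.execute(sql, binds).fetchall()


def demo():
    """Constructed table; row counts for a legitimate and an injected realname."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sys_user(id INTEGER, username TEXT, realname TEXT, dep_code TEXT)")
    conn.executemany("INSERT INTO sys_user VALUES (?,?,?,?)", [
        (1, "alice", "Alice", "A01"), (2, "bob", "Bob", "A01"), (3, "carol", "Carol", "B02")])
    payload = "' OR '1' LIKE '1"   # closes the quoted LIKE pattern, then a tautology
    return {
        "legit": len(run_statement(SAMPLE_MAPPER, "queryDepartUserList",
                                   {"depCode": "B02", "realname": "Car"}, conn)),
        "vulnerable": len(run_statement(SAMPLE_MAPPER, "queryDepartUserList",
                                        {"depCode": "B02", "realname": payload}, conn)),
        "hardened": len(run_statement(SAMPLE_MAPPER, "queryDepartUserListSafe",
                                      {"depCode": "B02", "realname": payload}, conn)),
    }


if __name__ == "__main__":
    for hit in find_substitutions(SAMPLE_MAPPER):
        print("${} splice:", hit)
    print(demo())
```

With department B02 holding one user, the legitimate search returns 1 row, the spliced statement returns all 3 rows because the payload turns the WHERE clause into a tautology, and the bound version returns 0 rows because the payload is just a string nobody's realname contains. The `guarded` flag is the thing to look for when triaging a mapper: an `<if test="x != null and x != ''">` around a `${x}` is the pattern the realname entry describes, and it is not a defence.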
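The "Vulnerable versions" values on this page are Maven version ranges, and a quick way to act on them is to read the parent version out of a project's pom.xml and match it against each entry. The following is an added example, not Snyk or jeecg-boot code. ADVISORIES is transcribed from the entries above; SAMPLE_POM is a constructed pom.xml; the version ordering is a deliberately simplified numeric comparison and not Maven's full ComparableVersion algorithm.

```python
"""Match a deployed jeecg-boot-parent version against the ranges listed above.

Added example, not Snyk or jeecg-boot code. The ranges use Maven version-range
notation: '[' and ']' are inclusive bounds, '(' and ')' exclusive, and an empty
bound is unbounded, so "[0,)" is every published version and "[3.5.0,)" is
3.5.0 and later. ADVISORIES is transcribed from this page; SAMPLE_POM is
constructed. Version ordering is simplified (dot-separated integers, with a
"-qualifier" such as -SNAPSHOT sorting just below the bare release).
"""
import re
import xml.etree.ElementTree as ET

ADVISORIES = [
    ("Medium", "Directory Traversal via /testConnection", "[0,)"),
    ("High", "SQL Injection via /sys/dict/loadTreeData (title)", "[0,)"),
    ("Critical", "Arbitrary File Upload via /jeecg-boot/sys/common/upload", "[0,)"),
    ("Medium", "SQL Injection in queryFilterTableDictInfo", "[0,)"),
    ("Medium", "SQL Injection via /jeecg-boot/jmreport/show (id)", "[3.5.0,)"),
    ("Medium", "Arbitrary File Upload via /jeecg-boot/jmreport/upload", "[0,)"),
    ("Medium", "Information Exposure via API Documentation", "[0,)"),
    ("Medium", "SQL Injection in SysDictMapper.java", "[0,)"),
    ("Medium", "Information Exposure via jmreport/qurestSql (apiSelectId)", "[0,)"),
    ("High", "SQL Injection in the Report component", "[0,)"),
    ("High", "SQL Injection via queryUserByDepId (realname)", "[0,)"),
    ("High", "SQL Injection via queryDepartUserPageList (username, admin)", "[0,)"),
]

# constructed pom.xml for a project that inherits from jeecg-boot-parent
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.jeecgframework.boot</groupId>
    <artifactId>jeecg-boot-parent</artifactId>
    <version>3.4.4</version>
  </parent>
  <artifactId>my-app</artifactId>
</project>
"""

RANGE = re.compile(r"^([\[(])\s*([^,]*?)\s*,\s*([^\])]*?)\s*([\])])$")


def parse_version(v):
    """'3.5.1' -> (3, 5, 1, 1); '3.5.1-SNAPSHOT' -> (3, 5, 1, 0)."""
    core, _, qualifier = v.strip().partition("-")
    nums = tuple(int(p) for p in core.split("."))
    nums += (0,) * (3 - len(nums))            # 3.5 compares equal to 3.5.0
    return nums + ((0,) if qualifier else (1,))


def in_range(version, range_spec):
    """True when version falls inside a single Maven range such as '[3.5.0,)'."""
    m = RANGE.match(range_spec.strip())
    if not m:
        raise ValueError(f"unsupported range: {range_spec!r}")
    lo_br, lo, hi, hi_br = m.groups()
    v = parse_version(version)
    if lo:
        lo_v = parse_version(lo)
        if v < lo_v or (v == lo_v and lo_br == "("):
            return False
    if hi:
        hi_v = parse_version(hi)
        if v > hi_v or (v == hi_v and hi_br == ")"):
            return False
    return True


def parent_version(pom_xml, group="org.jeecgframework.boot", artifact="jeecg-boot-parent"):
    """Version declared in <parent> when it is the given artifact, else None."""
    ns = {"m": "http://maven.apache.org/POM/4.0.0"}
    parent = ET.fromstring(pom_xml).find("m:parent", ns)
    if parent is None:
        return None
    if (parent.findtext("m:groupId", namespaces=ns) != group
            or parent.findtext("m:artifactId", namespaces=ns) != artifact):
        return None
    return parent.findtext("m:version", namespaces=ns)


def affected(version, advisories=ADVISORIES):
    """(severity, title) for every advisory whose range contains version."""
    return [(sev, title) for sev, title, rng in advisories if in_range(version, rng)]


if __name__ == "__main__":
    v = parent_version(SAMPLE_POM)
    for sev, title in affected(v):
        print(f"{v}: [{sev}] {title}")
```

For the constructed 3.4.4 pom, 11 of the 12 entries match; only the jmreport/show injection, whose range starts at 3.5.0, is excluded. For the latest published version, 3.5.1, all 12 match, which is what "no fixed version" and "fix not yet published" amount to in practice.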