Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jeecgframework.boot/jeecg-boot-base-core@3.0

Type maven

Namespace org.jeecgframework.boot

Name jeecg-boot-base-core

Version 3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-dpjn-dvav-3bfc

vulnerability_id VCID-dpjn-dvav-3bfc

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.

references

reference_url	https://github.com/jeecgboot/jeecg-boot/issues/3347
reference_id
reference_type
scores
url	https://github.com/jeecgboot/jeecg-boot/issues/3347

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-22880
reference_id	CVE-2022-22880
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-22880

reference_url	https://github.com/advisories/GHSA-vh2r-x97c-2vpr
reference_id	GHSA-vh2r-x97c-2vpr
reference_type
scores
url	https://github.com/advisories/GHSA-vh2r-x97c-2vpr

fixed_packages

aliases CVE-2022-22880, GHSA-vh2r-x97c-2vpr

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpjn-dvav-3bfc

url VCID-qa9c-u811-4ubr

vulnerability_id VCID-qa9c-u811-4ubr

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
In JeecgBoot, there is a SQL injection vulnerability that can operate the database with root privileges.

references

reference_url	https://github.com/jeecgboot/jeecg-boot/commit/baefc1338dd03de36384ce7d5846b08041b488d0
reference_id
reference_type
scores
url	https://github.com/jeecgboot/jeecg-boot/commit/baefc1338dd03de36384ce7d5846b08041b488d0

reference_url	https://github.com/jeecgboot/jeecg-boot/issues/3331
reference_id
reference_type
scores
url	https://github.com/jeecgboot/jeecg-boot/issues/3331

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-46089
reference_id	CVE-2021-46089
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-46089

reference_url	https://github.com/advisories/GHSA-26hm-r6mg-963c
reference_id	GHSA-26hm-r6mg-963c
reference_type
scores
url	https://github.com/advisories/GHSA-26hm-r6mg-963c

fixed_packages

aliases CVE-2021-46089, GHSA-26hm-r6mg-963c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qa9c-u811-4ubr

url VCID-rk8c-7esa-rkca

vulnerability_id VCID-rk8c-7esa-rkca

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.

references

reference_url	https://github.com/jeecgboot/jeecg-boot/issues/3223
reference_id
reference_type
scores
url	https://github.com/jeecgboot/jeecg-boot/issues/3223

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44585
reference_id	CVE-2021-44585
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44585

reference_url	https://github.com/advisories/GHSA-q448-6c3m-cxmj
reference_id	GHSA-q448-6c3m-cxmj
reference_type
scores
url	https://github.com/advisories/GHSA-q448-6c3m-cxmj

fixed_packages

aliases CVE-2021-44585, GHSA-q448-6c3m-cxmj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rk8c-7esa-rkca

url VCID-s73y-ynwt-3bfe

vulnerability_id VCID-s73y-ynwt-3bfe

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.

references

reference_url	https://github.com/jeecgboot/jeecg-boot/issues/3348
reference_id
reference_type
scores
url	https://github.com/jeecgboot/jeecg-boot/issues/3348

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-22881
reference_id	CVE-2022-22881
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-22881

reference_url	https://github.com/advisories/GHSA-f9pg-g9xw-r5g2
reference_id	GHSA-f9pg-g9xw-r5g2
reference_type
scores
url	https://github.com/advisories/GHSA-f9pg-g9xw-r5g2

fixed_packages

aliases CVE-2022-22881, GHSA-f9pg-g9xw-r5g2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s73y-ynwt-3bfe

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jeecgframework.boot/jeecg-boot-base-core@3.0

Package Instance