{"url":"http://public2.vulnerablecode.io/api/packages/60282?format=json","purl":"pkg:maven/org.jeecgframework.boot/jeecg-boot-base-core@3.0","type":"maven","namespace":"org.jeecgframework.boot","name":"jeecg-boot-base-core","version":"3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42464?format=json","vulnerability_id":"VCID-dpjn-dvav-3bfc","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nJeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.","references":[{"reference_url":"https://github.com/jeecgboot/jeecg-boot/issues/3347","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jeecgboot/jeecg-boot/issues/3347"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22880","reference_id":"CVE-2022-22880","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22880"},{"reference_url":"https://github.com/advisories/GHSA-vh2r-x97c-2vpr","reference_id":"GHSA-vh2r-x97c-2vpr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vh2r-x97c-2vpr"}],"fixed_packages":[],"aliases":["CVE-2022-22880","GHSA-vh2r-x97c-2vpr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpjn-dvav-3bfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42187?format=json","vulnerability_id":"VCID-qa9c-u811-4ubr","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nIn JeecgBoot, there is a SQL injection vulnerability that can operate the database with root privileges.","references":[{"reference_url":"https://github.com/jeecgboot/jeecg-boot/commit/baefc1338dd03de36384ce7d5846b08041b488d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jeecgboot/jeecg-boot/commit/baefc1338dd03de36384ce7d5846b08041b488d0"},{"reference_url":"https://github.com/jeecgboot/jeecg-boot/issues/3331","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jeecgboot/jeecg-boot/issues/3331"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46089","reference_id":"CVE-2021-46089","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46089"},{"reference_url":"https://github.com/advisories/GHSA-26hm-r6mg-963c","reference_id":"GHSA-26hm-r6mg-963c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-26hm-r6mg-963c"}],"fixed_packages":[],"aliases":["CVE-2021-46089","GHSA-26hm-r6mg-963c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qa9c-u811-4ubr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42616?format=json","vulnerability_id":"VCID-rk8c-7esa-rkca","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.","references":[{"reference_url":"https://github.com/jeecgboot/jeecg-boot/issues/3223","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jeecgboot/jeecg-boot/issues/3223"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44585","reference_id":"CVE-2021-44585","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44585"},{"reference_url":"https://github.com/advisories/GHSA-q448-6c3m-cxmj","reference_id":"GHSA-q448-6c3m-cxmj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q448-6c3m-cxmj"}],"fixed_packages":[],"aliases":["CVE-2021-44585","GHSA-q448-6c3m-cxmj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rk8c-7esa-rkca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42470?format=json","vulnerability_id":"VCID-s73y-ynwt-3bfe","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nJeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.","references":[{"reference_url":"https://github.com/jeecgboot/jeecg-boot/issues/3348","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jeecgboot/jeecg-boot/issues/3348"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22881","reference_id":"CVE-2022-22881","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22881"},{"reference_url":"https://github.com/advisories/GHSA-f9pg-g9xw-r5g2","reference_id":"GHSA-f9pg-g9xw-r5g2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f9pg-g9xw-r5g2"}],"fixed_packages":[],"aliases":["CVE-2022-22881","GHSA-f9pg-g9xw-r5g2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s73y-ynwt-3bfe"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jeecgframework.boot/jeecg-boot-base-core@3.0"}