org.jeecgframework.boot:jeecg-boot-base
Maven7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jeecgframework.boot:jeecg-boot-basepage 1 of 1
- CVE-2021-37304HIGHCVSS 7.5EG 7.52023-02-03
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
- CVE-2021-37305HIGHCVSS 7.5EG 7.52023-02-03
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.
- CVE-2021-37306HIGHCVSS 7.5EG 7.52023-02-03
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin.
- CVE-2021-44585MEDIUMCVSS 6.1EG 6.1✓ Fixed in 3.1.02022-03-10
vulnerable: 3.0
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
- CVE-2021-46089CRITICALCVSS 9.8EG 9.82022-01-25
vulnerable: 3.0
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
- CVE-2022-22880CRITICALCVSS 9.8EG 9.82022-02-16
vulnerable: 3.0
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
- CVE-2022-22881CRITICALCVSS 9.8EG 9.82022-02-16
vulnerable: 3.0
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
Check whether org.jeecgframework.boot:jeecg-boot-base is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jeecgframework.boot:jeecg-boot-base CVEs against the assets you own.
Start Free Scan →