CVE-2022-25517

Опубликовано: 22 мар. 2022

Источник: redhat

CVSS3: 9.8

EPSS Низкий

Описание

MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement was intended behavior.

A flaw was found in MyBatis Plus. The issue contains a SQL Injection vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat build of Quarkus	mybatis	Not affected
Red Hat Fuse 7	mybatis	Not affected
Red Hat Integration Camel K 1	mybatis	Not affected
Red Hat Integration Camel Quarkus 1	mybatis	Not affected
Red Hat Integration Data Virtualisation Operator	mybatis	Not affected
Red Hat JBoss Fuse 6	mybatis	Not affected
Red Hat JBoss Fuse Service Works 6	mybatis	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-89

https://bugzilla.redhat.com/show_bug.cgi?id=2067023mybatis: MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability

EPSS

Процентиль: 58%

0.00359

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2022-25517

CVSS3: 9.8

nvd

почти 4 года назад

GHSA-4m48-j3xj-px27

CVSS3: 9.8

github

почти 4 года назад

MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java.

EPSS

Процентиль: 58%

0.00359

Низкий

9.8 Critical

CVSS3