org.jeecgframework.boot:jeecg-boot-base (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jeecgframework.boot:jeecg-boot-base, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2022-22881 — CVSS 9.8 (critical): Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
CVE-2021-46089 — CVSS 9.8 (critical): In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
CVE-2022-22880 — CVSS 9.8 (critical): Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
CVE-2021-37305 — CVSS 7.5 (high): An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive…
CVE-2021-37306 — CVSS 7.5 (high): An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive…
CVE-2021-37304 — CVSS 7.5 (high): An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive…
CVE-2021-44585 — CVSS 6.1 (medium): A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.