org.jeecgframework.boot:jeecg-boot-parent (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jeecgframework.boot:jeecg-boot-parent, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2024-48307 — CVSS 9.8 (critical): JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
CVE-2023-34659 — CVSS 9.8 (critical): jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
CVE-2023-42268 — CVSS 9.8 (critical): Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
CVE-2020-28088 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
CVE-2023-24789 — CVSS 8.8 (high): jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
CVE-2023-34603 — CVSS 7.5 (high): JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at…
CVE-2023-41578 — CVSS 7.5 (high): Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
CVE-2023-34602 — CVSS 7.5 (high): JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at…
CVE-2023-34660 — CVSS 6.5 (medium): jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
CVE-2023-38905 — CVSS 5.5 (medium): SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark…
CVE-2023-1784 — CVSS 5.3 (medium): A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API…
CVE-2023-1741 — CVSS 4.3 (medium): A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown…