CVE-2022-47105 — Jeecg-boot is vulnerable to SQL injection

Description

Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component `/sys/dict/queryTableData`. A patch was released in commit 0fc374.

How to fix CVE-2022-47105

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Maven/org.jeecgframework.boot:jeecg-boot-base-core—no fix listed
—no fix listed

Is CVE-2022-47105 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, <= 3.4.4
from 0, <= 3.4.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-47105
PATCHgithub.com/jeecgboot/jeecg-boot
WEBgithub.com/jeecgboot/jeecg-boot/commit/0fc374de4745eac52620eeb8caf6a7b76127529a
WEBgithub.com/jeecgboot/jeecg-boot/issues/4393