CVE-2023-34602
JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode
6.5
MEDIUM
CVSS 3.1
EPSS 0.45%
Description
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component `queryTableDictItemsByCode` in method `org.jeecg.modules.api.controller.SystemApiController`.
How to fix CVE-2023-34602
To remediate CVE-2023-34602, upgrade the affected package to a fixed version below.
- Maven/org.jeecgframework.boot:jeecg-boot-parent—upgrade to 3.5.1 or later
Is CVE-2023-34602 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.5.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |