{"id":"GHSA-f9pg-g9xw-r5g2","summary":"SQL Injection in Jeecg-boot","details":"Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.","aliases":["CVE-2022-22881"],"modified":"2023-11-08T04:08:14.136052Z","published":"2022-02-17T00:00:25Z","database_specific":{"nvd_published_at":"2022-02-16T22:15:00Z","cwe_ids":["CWE-89"],"github_reviewed":true,"github_reviewed_at":"2022-02-25T20:56:36Z","severity":"CRITICAL"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22881"},{"type":"WEB","url":"https://github.com/jeecgboot/jeecg-boot/issues/3348"}],"affected":[{"package":{"name":"org.jeecgframework.boot:jeecg-boot-base","ecosystem":"Maven","purl":"pkg:maven/org.jeecgframework.boot/jeecg-boot-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"3.0"}]}],"versions":["3.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-f9pg-g9xw-r5g2/GHSA-f9pg-g9xw-r5g2.json"}},{"package":{"name":"org.jeecgframework.boot:jeecg-boot-base-core","ecosystem":"Maven","purl":"pkg:maven/org.jeecgframework.boot/jeecg-boot-base-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"3.0"}]}],"versions":["3.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-f9pg-g9xw-r5g2/GHSA-f9pg-g9xw-r5g2.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}