CVE-2023-41542: Jeecg Boot SQL injection vulnerability

December 30, 2023 (updated January 3, 2024)

SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.

References

github.com/advisories/GHSA-5v9r-788c-wc8p
nvd.nist.gov/vuln/detail/CVE-2023-41542
pho3n1x-web.github.io/2023/09/15/CVE-2023-41542%28JeecgBoot_sql%29/

Detect and mitigate CVE-2023-41542 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →