Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer.
Advisories for Maven/Org.mybatis/Mybatis package
2023
2020
Deserialization of Untrusted Data
MyBatis mishandles deserialization of object streams.