CVE-2023-40787: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

August 29, 2023 (updated August 31, 2023)

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.

References

gist.github.com/kaliwin/9d6cf58bb6ec06765cdf7b75e13ee460
github.com/advisories/GHSA-62pr-54gv-vg5g
nvd.nist.gov/vuln/detail/CVE-2023-40787
sword.bladex.cn/

Detect and mitigate CVE-2023-40787 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →