2067023 – (CVE-2022-25517) CVE-2022-25517 mybatis: MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability

Bug 2067023 (CVE-2022-25517) - CVE-2022-25517 mybatis: MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability

Summary: CVE-2022-25517 mybatis: MyBatis plus v3.4.3 was discovered to contain a SQL i...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-25517
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2071111
TreeView+	depends on / blocked

Reported:	2022-03-23 05:22 UTC by Rohit Keshri
Modified:	2022-04-05 11:50 UTC (History)
CC List:	32 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2022-04-01 22:25:56 UTC
Embargoed:

Attachments	(Terms of Use)

Description Rohit Keshri 2022-03-23 05:22:18 UTC

MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java.

https://github.com/HaHarden/mybatis-plus-sql-Injection

Comment 2 Product Security DevOps Team 2022-04-01 22:25:53 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-25517

Note You need to log in before you can comment on or make changes to this bug.

aileenc
avibelli
bgeorges
chazlett
clement.escoffier
dandread
dkreling
drieden
ggaughan
gmalinko
gsmet
hamadhan
hbraun
janstey
jnethert
jochrist
jschatte
jwon
krathod
lthon
mszynkie
pantinor
pdelbell
peholase
pgallagh
pjindal
probinso
rareddy
rruss
rsvoboda
sbiarozk
sdouglas