CVE-2022-45207
CRITICAL9.8EPSS 1.0%Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString
Published: 11/25/2022Modified: 7/18/2025
Also known as:GHSA-4j2x-v3mr-467m
Description
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.
Affected packages (1)
- Maven/org.jeecgframework.boot:jeecg-module-systemfrom 0, < 3.4.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-45207
- PATCHhttps://github.com/jeecgboot/jeecg-boot
- WEBhttp://jeecg-boot.com
- WEBhttps://github.com/jeecgboot/jeecg-boot/commit/8632a835c23f558dfee3584d7658cc6a13ccec6f
- WEBhttps://github.com/jeecgboot/jeecg-boot/commit/958cf01649e67c79887c21f9c0ada42b552b7ee3
- WEBhttps://github.com/jeecgboot/jeecg-boot/issues/4127