Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02cmZ2LWg1djgtY2o3Z84AAyfK
jeecg-boot vulnerable to improper authentication
A vulnerability was found in jeecg-boot 3.5.0 that affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication because the software does not prove or insufficiently proves that an identity claim is correct when an actor claims to have a given identity. The attack may be initiated remotely and the exploit has been disclosed to the public and may be used.
Permalink: https://github.com/advisories/GHSA-6rfv-h5v8-cj7gJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cmZ2LWg1djgtY2o3Z84AAyfK
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-6rfv-h5v8-cj7g, CVE-2023-1784
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-1784
- https://note.youdao.com/ynoteshare/index.html?id=7eb8fc804ea3544d8add43749a09173e
- https://vuldb.com/?ctiid.224699
- https://vuldb.com/?id.224699
- https://github.com/advisories/GHSA-6rfv-h5v8-cj7g
Affected Packages
maven:org.jeecgframework.boot:jeecg-boot-parent
Affected Version Ranges: <= 3.5.0No known fixed version