From 4175e5741b84bdda7bbb71f1a48e97e0c7803aed Mon Sep 17 00:00:00 2001
From: KwanSuddoungjai <137872890+kwansuddoungjai@users.noreply.github.com>
Date: Fri, 1 Sep 2023 15:46:28 +0700
Subject: [PATCH] Improve GHSA-62pr-54gv-vg5g
---
 .../GHSA-62pr-54gv-vg5g.json | 27 +++++++++++++------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/advisories/github-reviewed/2023/08/GHSA-62pr-54gv-vg5g/GHSA-62pr-54gv-vg5g.json b/advisories/github-reviewed/2023/08/GHSA-62pr-54gv-vg5g/GHSA-62pr-54gv-vg5g.json
index ac4147b1090f9..cba8b3673159f 100644
--- a/advisories/github-reviewed/2023/08/GHSA-62pr-54gv-vg5g/GHSA-62pr-54gv-vg5g.json
+++ b/advisories/github-reviewed/2023/08/GHSA-62pr-54gv-vg5g/GHSA-62pr-54gv-vg5g.json
@@ -7,9 +7,12 @@
 "CVE-2023-40787"
 ],
 "summary": "SpringBlade vulnerable to SQL injection",
- "details": "In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.",
+ "details": " In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.\n\nReferences\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40787\nhttps://gist.github.com/kaliwin/9d6cf58bb6ec06765cdf7b75e13ee460\nhttps://sword.bladex.cn/",
 "severity": [
-
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
 ],
 "affected": [
 {
@@ -17,11 +20,19 @@
 "ecosystem": "Maven",
 "name": "org.springblade:blade-core-tool"
 },
- "ecosystem_specific": {
- "affected_functions": [
- ""
- ]
- },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "3.6.0"
+ },
+ {
+ "fixed": "None"
+ }
+ ]
+ }
+ ],
 "versions": [
 "3.6.0"
 ]
@@ -49,7 +60,7 @@
 "cwe_ids": [
 "CWE-89"
 ],
- "severity": "HIGH",
+ "severity": "CRITICAL",
 "github_reviewed": true,
 "github_reviewed_at": "2023-08-31T18:33:40Z",
 "nvd_published_at": null
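Review bot: The new `details` value in the first hunk begins with a stray space and appends a free-text `\n\nReferences\n…` list of three URLs, which is the job of the advisory's structured `references` array. That array lies outside this hunk, so it cannot be seen from here whether the links are already listed. Drop the leading space and the appended tail so `details` stays prose, and add any missing URL as a `references` entry, where scanners and advisory mirrors that read the structured field will pick it up.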
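Review bot: `"fixed": "None"` in the new `ranges` block of the second hunk is a string, so a consumer comparing Maven versions will likely read `None` as a version name rather than as "no fix available". Whether a dependent project gets alerted for this range then depends on how each tool orders that token. If only 3.6.0 is confirmed affected and no patched release exists, replace the event with `{ "last_affected": "3.6.0" }`; if later releases are believed affected too, leave the range open with no closing event. The range also opens at `"introduced": "3.6.0"`, and nothing on the page shows that earlier releases were checked, so that lower bound should be confirmed as well.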
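Review bot: The move from `HIGH` to `CRITICAL` in the third hunk rests on the vector added in the first hunk, and the basis for that vector's `PR:N` is not on the page. `details` does not say whether the injectable query can be reached without authentication. Because this label sets alert priority for every dependent project, the commit message should name the source of the vector (for example the NVD entry, if it carries the same one), or `PR` should be scored from what the report actually demonstrates. `nvd_published_at` stays `null` while `details` now links an NVD page; that field may be filled automatically, but the two are worth reconciling.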