CVE-2024-40539

State: PUBLISHED · Published: 2024-07-12 · Updated: 2024-08-02 · Assigner: mitre

Description

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.

CWE

CWE-89 — CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected

CVSS

References

Source

cvelistV5-main/cves/2024/40xxx/CVE-2024-40539.json