Unknown · Jeecg-Boot · CVE-2023-38905
**Name of the Vulnerable Software and Affected Versions**
Jeecg-boot versions 3.5.0 and earlier
**Description**
The issue allows a local attacker to cause a denial of service via the functions `Benchmark`, `PG_Sleep`, `DBMS_Lock.Sleep`, `Waitfor`, `DECODE`, and `DBMS_PIPE.RECEIVE_MESSAGE`. This is a result of a SQL injection vulnerability.
**Recommendations**
For Jeecg-boot versions 3.5.0 and earlier, as a temporary workaround, consider disabling the `Benchmark`, `PG_Sleep`, `DBMS_Lock.Sleep`, `Waitfor`, `DECODE`, and `DBMS_PIPE.RECEIVE_MESSAGE` functions until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
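While no fixed version is known, access logs can be checked for the functions listed above appearing in request parameters. The following is an added example, not code from this advisory or from the Jeecg-boot project; the log format, the `/app/list` path and the parameter names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Functions named in the advisory; each must be followed by "(" to count as a call.
CALLS = ["benchmark", "pg_sleep", "dbms_lock.sleep", "decode", "dbms_pipe.receive_message"]
CALL_RE = re.compile(r"(?<!\w)(" + "|".join(re.escape(c) for c in CALLS) + r")\s*\(", re.I)
# WAITFOR is a T-SQL statement, not a function: WAITFOR DELAY ... / WAITFOR TIME ...
WAITFOR_RE = re.compile(r"\bwaitfor\s+(delay|time)\b", re.I)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)

def normalize(value, max_rounds=3):
    """Undo repeated URL encoding, then replace inline SQL comments with a space."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return COMMENT_RE.sub(" ", value)

def find_delay_calls(value):
    """Return sorted, lower-cased names of the listed functions found in one value."""
    text = normalize(value)
    hits = {m.group(1).lower() for m in CALL_RE.finditer(text)}
    if WAITFOR_RE.search(text):
        hits.add("waitfor")
    return sorted(hits)

def scan_access_log(lines):
    """Yield (line_no, parameter, hits) for every query parameter with a hit."""
    for no, line in enumerate(lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        for key, val in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
            hits = find_delay_calls(val)
            if hits:
                yield no, key, hits

SAMPLE_LOG = [  # constructed lines; path and parameter names are hypothetical
    '10.0.0.5 - - [01/Aug/2023:10:00:01 +0000] "GET /app/list?column=createTime&order=desc HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Aug/2023:10:00:07 +0000] "GET /app/list?column=id%2Cpg_sleep%285%29 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Aug/2023:10:00:19 +0000] "GET /app/list?column=id%253BWAITFOR%2520DELAY%2520%270:0:5%27 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Aug/2023:10:00:31 +0000] "GET /app/list?note=please+decode+this&column=BENCHMARK/**/(1,1) HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

The match requires an opening parenthesis after the name, so the word "decode" in ordinary text is not flagged, and double URL encoding and `/**/` comment splitting are undone before matching.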