Xuanshao

**Name of the Vulnerable Software and Affected Versions** jeecg-boot version 3.5.0 **Description** A vulnerability was found in the file `SysDictMapper.java` of the component `Sleep Command Handler`, leading to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For jeecg-boot version 3.5.0, consider disabling the `Sleep Command Handler` component or restricting access to the `SysDictMapper.java` file until a patch is available. As a temporary workaround, avoid using the functionality of the `SysDictMapper.java` file that is vulnerable to sql injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.