CVE-2023-1784

Name of the Vulnerable Software and Affected Versions jeecg-boot version 3.5.0

Description A critical issue affects some unknown processing of the component API Documentation, leading to improper authentication because the software does not properly prove or insufficiently proves that an identity claim is correct when an actor claims to have a given identity. The attack may be initiated remotely.

Recommendations For jeecg-boot version 3.5.0, consider disabling the API Documentation component until a patch is available to prevent improper authentication. Restrict access to the API to minimize the risk of exploitation. Avoid using the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.