PT-2023-20027 · Unknown · Mybatis Plus

Published

2023-04-05

·

Updated

2024-08-02

·

CVE-2023-25330

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MyBatis-Plus versions prior to 3.5.3.1
Description: A SQL injection issue in MyBatis-Plus before 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID value. The tenant ID is supplied by the application's tenant handler and inserted into every query the multi-tenant plugin rewrites, so a tenant ID derived from unvalidated request data is concatenated into SQL. The vendor's position is that this can only occur in misconfigured applications; the documentation provides guidance on developing applications that avoid SQL injection.
Recommendations: For versions prior to 3.5.3.1, update to version 3.5.3.1 or later. As a temporary workaround, make sure the tenant ID value is never taken directly from untrusted input (request headers, parameters, cookies): resolve it server-side from the authenticated session and return it as a typed, validated value (for example a numeric ID, or a string checked against an allowlist) rather than a raw string. Ensure that applications are properly configured to avoid SQL injection vulnerabilities.
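The following is an added example written for this advisory; it is not code from the advisory or from the MyBatis-Plus project. It contrasts a tenant handler that returns a StringValue built from raw request input (the misconfiguration the advisory describes) with one that returns a typed tenant ID resolved server-side, using the real MyBatis-Plus tenant API (TenantLineHandler, TenantLineInnerInterceptor) and JSqlParser expression types. The header name X-Tenant-Id, the column name tenant_id, the sys_config table and the numeric tenant key are assumptions for illustration.

```java
// Added example; not from the advisory or the MyBatis-Plus project.
// Assumptions: a per-request header X-Tenant-Id (hypothetical), a column
// named tenant_id, a numeric tenant key, and a hypothetical sys_config table.
import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
import com.baomidou.mybatisplus.extension.plugins.handler.TenantLineHandler;
import com.baomidou.mybatisplus.extension.plugins.inner.TenantLineInnerInterceptor;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.LongValue;
import net.sf.jsqlparser.expression.StringValue;

public class TenantIdExample {

    /** Misconfiguration: the tenant ID is taken straight from request input. */
    static final class UnsafeTenantHandler implements TenantLineHandler {
        private final String rawTenantId; // e.g. the value of the X-Tenant-Id header

        UnsafeTenantHandler(String rawTenantId) { this.rawTenantId = rawTenantId; }

        @Override
        public Expression getTenantId() {
            // StringValue renders as '<value>' without escaping, so the plugin's
            // rewritten query ends with ... AND tenant_id = '<raw input>'. A value
            // containing a single quote breaks out of the literal.
            return new StringValue(rawTenantId);
        }

        @Override
        public String getTenantIdColumn() { return "tenant_id"; }
    }

    /** Hardened: the tenant ID comes from the authenticated principal and is typed. */
    static final class SafeTenantHandler implements TenantLineHandler {
        private final long tenantId; // resolved server-side from the session or token

        SafeTenantHandler(long tenantId) { this.tenantId = tenantId; }

        @Override
        public Expression getTenantId() {
            // A LongValue can only render as digits: no quoting, nothing to inject.
            return new LongValue(tenantId);
        }

        @Override
        public String getTenantIdColumn() { return "tenant_id"; }

        @Override
        public boolean ignoreTable(String tableName) {
            // Tables without a tenant column must be excluded explicitly (hypothetical table).
            return "sys_config".equalsIgnoreCase(tableName);
        }
    }

    /** For deployments that receive the tenant key as text: parse strictly or reject. */
    static long parseTenantId(String raw) {
        if (raw == null || !raw.matches("\\d{1,18}")) {
            throw new IllegalArgumentException("invalid tenant id");
        }
        return Long.parseLong(raw);
    }

    /** Registers the tenant interceptor the way the plugin is normally wired up. */
    static MybatisPlusInterceptor interceptor(TenantLineHandler handler) {
        MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
        interceptor.addInnerInterceptor(new TenantLineInnerInterceptor(handler));
        return interceptor;
    }

    public static void main(String[] args) {
        String hostile = "1' OR '1'='1"; // constructed attacker-controlled header value
        // Print the predicate fragment each handler contributes to the rewritten SQL.
        System.out.println("unsafe: tenant_id = " + new UnsafeTenantHandler(hostile).getTenantId());
        System.out.println("safe:   tenant_id = " + new SafeTenantHandler(42L).getTenantId());
        try {
            parseTenantId(hostile);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        interceptor(new SafeTenantHandler(42L));
    }
}
```

Running main with the constructed value shows why the type of the returned Expression matters: the StringValue path reproduces the attacker's quote characters verbatim inside the predicate, while the LongValue path cannot render anything but digits. Whether a given application is affected depends on how its handler obtains the tenant ID, which is why the vendor treats this as a configuration issue; the parseTenantId check is the minimum a string-keyed deployment should apply before the value reaches getTenantId().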

Exploit

Fix

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2023-25330
GHSA-32QQ-M9FH-F74W
OESA-2023-1996
OESA-2023-1997
OESA-2023-1998

Affected Products

Mybatis Plus