Aggregates CVE and security vulnerability intelligence across all mybatis-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, with potential vendor impact data exposure across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-25330 | A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. | [email protected] | 9.8 | 0.90% | 2023-04-05 | 2024-11-21 |
| CVE-2022-36594 | Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. | [email protected] | 9.8 | 0.29% | 2022-09-02 | 2024-11-21 |
| CVE-2020-26945 | MyBatis before 3.5.6 mishandles deserialization of object streams. | [email protected] | 8.1 | 1.15% | 2020-10-10 | 2024-11-21 |