my-springsecurity-plus before v2024.07.03 was discovered...
Critical severity
Unreviewed
Published
Jul 12, 2024
to the GitHub Advisory Database
•
Updated Jul 12, 2024
Description
Published by the National Vulnerability Database
Jul 12, 2024
Published to the GitHub Advisory Database
Jul 12, 2024
Last updated
Jul 12, 2024
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.
References