dontian122/POC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Apache-Submarine-SQL注入漏洞CVE-2023-37924.md

Browse Source
This commit is contained in:
wy876
2023-11-23 19:39:03 +08:00
committed by GitHub
parent f49b0339ce
commit 1bf9d5e8f2
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Apache-Submarine-SQL注入漏洞CVE-2023-37924.md
View File

@@ -7,7 +7,7 @@ Apache Submarine是一个端到端的机器学习平台允许数据科学家
0.7.0<=apache-submarine<0.8.0.dev0 0.7.0<=apache-submarine<0.8.0.dev0
``` ```
## 漏洞点 ## 漏洞点
从官方修复得代码来看主要使用mybatis框架使用了${}造成sql注入漏洞 从官方修复得代码来看主要使用mybatis框架并写法不规范,${}造成sql注入漏洞
![](./assets/20231123192338.png) ![](./assets/20231123192338.png)