CVE-2020-26945 #5328
Comments
|
请问如何才能不被扫描出该漏洞 |
|
这是低版本 mybatis的问题,你使用新版本 MP 依赖高版本 mybatis 就可以了 |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
{{ message }}
当前使用版本(必填,否则不予处理)
3.5.3.1
扫描出的漏洞信息
CVE-2020-26945 suppress
MyBatis before 3.5.6 mishandles deserialization of object streams.
CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (5.1)
Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSSv3:
Base Score: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
MISC - mybatis/mybatis-3@mybatis-3.5.5...mybatis-3.5.6
MISC - mybatis/mybatis-3#2079
Vulnerable Software & Versions:
cpe:2.3:a:mybatis:mybatis:::::::: versions up to (excluding) 3.5.6
The text was updated successfully, but these errors were encountered: