Discussed in https://github.com/baomidou/mybatis-plus/discussions/5408

Originally posted by **lizhh123** June 15, 2023

Hi, there is a vulnerability (CVE-2023-25330) in mybatis-plus-3.5.3.1. Do you have any plan to fix it?

Details:

An enhanced toolkit of Mybatis to simplify development.

Library home page: https://github.com/baomidou/mybatis-plus

Path to vulnerable library: baomidou/mybatis-plus/3.5.3.1/mybatis-plus-3.5.3.1.jar

Dependency Hierarchy:

- mybatis-plus-boot-starter-3.5.3.1.jar (Root Library)
  - ❌ mybatis-plus-3.5.3.1.jar (Vulnerable Library)

Found in base branch: main

Vulnerability Details

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer.

Publish Date: 2023-04-05

URL: [CVE-2023-25330](https://www.mend.io/vulnerability-database/CVE-2023-25330)

CVSS 3 Score Details (9.8)

Base Score Metrics:

- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

Comment From: lizhh123

@yuxiaobin

Comment From: miemieYaho

no