About the Bug...

  • [x] I have checked that this issue has not already been reported.

  • [x] I have confirmed this bug exists on the latest version of MyBatis.

  • [x] I have confirmed this bug reproduces without 3rd party extensions (e.g. mybatis-plus).

Database Version

Mybatis 3.5.16

JDBC Driver Version

org.mariadb.jdbc.Driver 3.5.4

Issue Description

snyk link: https://security.snyk.io/vuln/SNYK-JAVA-OGNL-12671191

Description: Under the Mybatis package, the scope of the ognl package is compile, which was scanned by Snyk Image.

About your report...

  • [x] I did not use images 🖼️ for showing text information (code, error, etc.).

  • [x] I checked the Preview and my report looks awesome! 👍

Comment From: harawata

See https://github.com/orphan-oss/ognl/issues/430

That CVE is not valid. I am going to close this.

Comment From: DFC66

> See orphan-oss/ognl#430
>
> That CVE is not valid. I am going to close this.

So should we skip this Snyk vulnerability?

Comment From: harawata

We can just ignore it, I think. I am not sure how snyk works, but the CVE will be marked as false-positive soon (the reporter of the linked issue had reported it as false-positive, I believe).