CVE-2024-39677

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39677
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39677.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-39677
Aliases
Related
Published
2024-07-08T15:15:22Z
Modified
2025-01-15T05:15:16.446710Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL queries referencing a static field of the application; users of the SqlInsertBuilder and SqlUpdateBuilder utilities, calling their AddColumn overload taking a literal value; and any direct use of the ObjectToSQLString methods for building SQL queries on the user side. This vulnerability is fixed in 5.4.9 and 5.5.2.

References

Affected packages

Git / github.com/nhibernate/nhibernate-core

Affected ranges

Type
GIT
Repo
https://github.com/nhibernate/nhibernate-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.2.0.Alpha1
1.2.0.Beta1
1.2.0.Beta2
1.2.0.Beta3
1.2.0.CR1

3.*

3.0.0.Alpha1
3.0.0GA
3.1.0GA
3.2.0.Alpha1
3.2.0.Alpha2
3.2.0GA
3.3.0.CR1
3.3.0GA
3.3.1GA
3.3.2GA
3.3.3.CR1
3.3.3.GA
3.3.3.SP1
3.3.4.GA
3.4.0.CR1
3.4.0.GA

4.*

4.0.0.Alpha1
4.0.0.Alpha2
4.0.0.CR1
4.0.0.GA
4.0.1.GA
4.0.2.GA
4.0.3.GA
4.0.4.GA
4.1.0.CR1
4.1.0.GA
4.1.1.GA

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.1
5.1.2
5.1.3
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.3.0
5.3.1
5.3.10
5.3.11
5.3.12
5.3.13
5.3.14
5.3.15
5.3.16
5.3.17
5.3.18
5.3.19
5.3.2
5.3.20
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.4.8

Other

Pre_2-1_Refactor
alpha_0-2-0-0
alpha_0-3-0-0
alpha_0-3-0-0_pre-avalon-proxy
alpha_0-4-0-0
beta_0-6-0-0
beta_0-8-0-0
beta_0-8-1-0
beta_0-8-2-0
beta_0-8-3-0
beta_0-8-4-0
beta_0-9-0-0
beta_0-9-1-0
prealpha_0-1-0-0
rc_0-99-1-0