CVE-2024-39677
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-39677
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39677.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-39677
- Aliases
- Related
- Published
- 2024-07-08T15:15:22Z
- Modified
- 2025-01-15T05:15:16.446710Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL queries referencing a static field of the application; users of the SqlInsertBuilder and SqlUpdateBuilder utilities, calling their AddColumn overload taking a literal value; and any direct use of the ObjectToSQLString methods for building SQL queries on the user side. This vulnerability is fixed in 5.4.9 and 5.5.2.
- References
-
- https://github.com/nhibernate/nhibernate-core/security/advisories/GHSA-fg4q-ccq8-3r5q
- https://github.com/nhibernate/nhibernate-core/commit/b4a69d1a5ff5744312478d70308329af496e4ba9
- https://github.com/nhibernate/nhibernate-core/pull/3547
- https://github.com/nhibernate/nhibernate-core/issues/3516
- https://github.com/nhibernate/nhibernate-core/pull/3517
Affected packages
Git / github.com/nhibernate/nhibernate-core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nhibernate/nhibernate-core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
1.*
1.2.0.Alpha1
1.2.0.Beta1
1.2.0.Beta2
1.2.0.Beta3
1.2.0.CR1
3.*
3.0.0.Alpha1
3.0.0GA
3.1.0GA
3.2.0.Alpha1
3.2.0.Alpha2
3.2.0GA
3.3.0.CR1
3.3.0GA
3.3.1GA
3.3.2GA
3.3.3.CR1
3.3.3.GA
3.3.3.SP1
3.3.4.GA
3.4.0.CR1
3.4.0.GA
4.*
4.0.0.Alpha1
4.0.0.Alpha2
4.0.0.CR1
4.0.0.GA
4.0.1.GA
4.0.2.GA
4.0.3.GA
4.0.4.GA
4.1.0.CR1
4.1.0.GA
4.1.1.GA
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.1
5.1.2
5.1.3
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.3.0
5.3.1
5.3.10
5.3.11
5.3.12
5.3.13
5.3.14
5.3.15
5.3.16
5.3.17
5.3.18
5.3.19
5.3.2
5.3.20
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.4.8
Other
Pre_2-1_Refactor
alpha_0-2-0-0
alpha_0-3-0-0
alpha_0-3-0-0_pre-avalon-proxy
alpha_0-4-0-0
beta_0-6-0-0
beta_0-8-0-0
beta_0-8-1-0
beta_0-8-2-0
beta_0-8-3-0
beta_0-8-4-0
beta_0-9-0-0
beta_0-9-1-0
prealpha_0-1-0-0
rc_0-99-1-0