GHSA-j8jw-g6fq-mp7h

Source
https://github.com/advisories/GHSA-j8jw-g6fq-mp7h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-j8jw-g6fq-mp7h/GHSA-j8jw-g6fq-mp7h.json
Aliases
Published
2022-02-09T22:57:29Z
Modified
2023-11-08T04:03:10.957120Z
Summary
SQL injection in hibernate-core
Details

A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

References

Affected packages

Maven / org.hibernate:hibernate-core

Package

Name
org.hibernate:hibernate-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.4.0.Final
Fixed
5.4.24.Final

Affected versions

5.*

5.4.0.Final
5.4.1.Final
5.4.2.Final
5.4.3.Final
5.4.4.Final
5.4.5.Final
5.4.6.Final
5.4.7.Final
5.4.8.Final
5.4.9.Final
5.4.10.Final
5.4.11.Final
5.4.12.Final
5.4.13.Final
5.4.14.Final
5.4.15.Final
5.4.16.Final
5.4.17.Final
5.4.18.Final
5.4.19.Final
5.4.20.Final
5.4.21.Final
5.4.22.Final
5.4.23.Final

Maven / org.hibernate:hibernate-core

Package

Name
org.hibernate:hibernate-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
5.3.20.Final

Affected versions

3.*

3.3.0.CR1
3.3.0.CR2
3.3.0.SP1
3.3.0.GA
3.3.1.GA
3.3.2.GA
3.5.0-Beta-2
3.5.0-Beta-3
3.5.0-Beta-4
3.5.0-CR-1
3.5.0-CR-2
3.5.0.Beta-1
3.5.0-Final
3.5.1-Final
3.5.2-Final
3.5.3-Final
3.5.4-Final
3.5.5-Final
3.5.6-Final
3.6.0.Beta1
3.6.0.Beta2
3.6.0.Beta3
3.6.0.Beta4
3.6.0.CR1
3.6.0.CR2
3.6.0.Final
3.6.1.Final
3.6.2.Final
3.6.3.Final
3.6.4.Final
3.6.5.Final
3.6.6.Final
3.6.7.Final
3.6.8.Final
3.6.9.Final
3.6.10.Final

4.*

4.0.0.Alpha1
4.0.0.Alpha2
4.0.0.Alpha3
4.0.0.Beta1
4.0.0.Beta2
4.0.0.Beta3
4.0.0.Beta4
4.0.0.Beta5
4.0.0.CR1
4.0.0.CR2
4.0.0.CR3
4.0.0.CR4
4.0.0.CR5
4.0.0.CR6
4.0.0.CR7
4.0.0.Final
4.0.1.Final
4.1.0.Final
4.1.1.Final
4.1.2
4.1.2.Final
4.1.3.Final
4.1.4.Final
4.1.5.SP1
4.1.5.Final
4.1.6.Final
4.1.7.Final
4.1.8.Final
4.1.9.Final
4.1.10.Final
4.1.11.Final
4.1.12.Final
4.2.0.CR1
4.2.0.CR2
4.2.0.SP1
4.2.0.Final
4.2.1.Final
4.2.2.Final
4.2.3.Final
4.2.4.Final
4.2.5.Final
4.2.6.Final
4.2.7.SP1
4.2.7.Final
4.2.8.Final
4.2.9.Final
4.2.10.Final
4.2.11.Final
4.2.12.Final
4.2.13.Final
4.2.14.Final
4.2.15.Final
4.2.16.Final
4.2.17.Final
4.2.18.Final
4.2.19.Final
4.2.20.Final
4.2.21.Final
4.3.0.Beta1
4.3.0.Beta2
4.3.0.Beta3
4.3.0.Beta4
4.3.0.Beta5
4.3.0.CR1
4.3.0.CR2
4.3.0.Final
4.3.1.Final
4.3.2.Final
4.3.3.Final
4.3.4.Final
4.3.5.Final
4.3.6.Final
4.3.7.Final
4.3.8.Final
4.3.9.Final
4.3.10.Final
4.3.11.Final

5.*

5.0.0.Beta1
5.0.0.Beta2
5.0.0.CR1
5.0.0.CR2
5.0.0.CR3
5.0.0.CR4
5.0.0.Final
5.0.1.Final
5.0.2.Final
5.0.3.Final
5.0.4.Final
5.0.5.Final
5.0.6.Final
5.0.7.Final
5.0.8.Final
5.0.9.Final
5.0.10.Final
5.0.11.Final
5.0.12.Final
5.1.0.Final
5.1.1.Final
5.1.2.Final
5.1.3.Final
5.1.4.Final
5.1.5.Final
5.1.6.Final
5.1.7.Final
5.1.8.Final
5.1.9.Final
5.1.10.Final
5.1.11.Final
5.1.12.Final
5.1.13.Final
5.1.14.Final
5.1.15.Final
5.1.16.Final
5.1.17.Final
5.2.0.Final
5.2.1.Final
5.2.2.Final
5.2.3.Final
5.2.4.Final
5.2.5.Final
5.2.6.Final
5.2.7.Final
5.2.8.Final
5.2.9.Final
5.2.10.Final
5.2.11.Final
5.2.12.Final
5.2.13.Final
5.2.14.Final
5.2.15.Final
5.2.16.Final
5.2.17.Final
5.2.18.Final
5.3.0.Beta1
5.3.0.Beta2
5.3.0.CR1
5.3.0.CR2
5.3.0.Final
5.3.1.Final
5.3.2.Final
5.3.3.Final
5.3.4.Final
5.3.5.Final
5.3.6.Final
5.3.7.Final
5.3.8.Final
5.3.9.Final
5.3.10.Final
5.3.11.Final
5.3.12.Final
5.3.13.Final
5.3.14.Final
5.3.15.Final
5.3.16.Final
5.3.17.Final
5.3.18.Final
5.3.19.Final