GHSA-xr4v-28rm-pvgw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xr4v-28rm-pvgw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xr4v-28rm-pvgw/GHSA-xr4v-28rm-pvgw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xr4v-28rm-pvgw
- Aliases
- Published
- 2022-05-17T02:37:09Z
- Modified
- 2023-11-08T03:58:33.104301Z
- Severity
-
- 5.6 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA
- Details
-
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
- Database specific
{ "nvd_published_at": "2016-10-05T16:59:00Z", "github_reviewed_at": "2022-07-06T19:45:18Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-89" ] }- References
Affected packages
Maven / org.springframework.data:spring-data-jpa
Package
- Name
- org.springframework.data:spring-data-jpa
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.data/spring-data-jpa
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.9.6
Affected versions
1.*
1.0.0.RELEASE
1.0.1.RELEASE
1.0.2.RELEASE
1.0.3.RELEASE
1.1.0.RELEASE
1.1.1.RELEASE
1.1.2.RELEASE
1.2.0.RELEASE
1.2.1.RELEASE
1.3.0.RELEASE
1.3.1.RELEASE
1.3.2.RELEASE
1.3.3.RELEASE
1.3.4.RELEASE
1.3.5.RELEASE
1.4.0.RELEASE
1.4.1.RELEASE
1.4.2.RELEASE
1.4.3.RELEASE
1.4.4.RELEASE
1.4.5.RELEASE
1.5.0.RELEASE
1.5.1.RELEASE
1.5.2.RELEASE
1.5.3.RELEASE
1.6.0.RELEASE
1.6.1.RELEASE
1.6.2.RELEASE
1.6.4.RELEASE
1.6.5.RELEASE
1.6.6.RELEASE
1.7.0.RELEASE
1.7.1.RELEASE
1.7.2.RELEASE
1.7.3.RELEASE
1.7.4.RELEASE
1.8.0.RC1
1.8.0.RELEASE
1.8.1.RELEASE
1.8.2.RELEASE
1.9.0.RELEASE
1.9.1.RELEASE
1.9.2.RELEASE
1.9.4.RELEASE
1.9.5.RELEASE
Maven / org.springframework.data:spring-data-jpa
Package
- Name
- org.springframework.data:spring-data-jpa
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.data/spring-data-jpa