Описание
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libhibernate3-java | not-affected | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=1666499
https://github.com/hibernate/hibernate-orm/commit/b658e903d71e34a5be5690a33e6faa21b1db628b
https://github.com/hibernate/hibernate-orm/commit/7dfb0fdf24fb4a1f757be14ce5806b5a81f20ab8
https://github.com/hibernate/hibernate-orm/commit/50a5da07c1e6cb1da630b01c67bce9f7fe49dd8e
EPSS
Связанные уязвимости
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
EPSS