Описание
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1730316spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
nvd
больше 6 лет назад
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
CVSS3: 5.3
github
больше 6 лет назад
Improper Neutralization of Wildcards or Matching Symbols
5.3 Medium
CVSS3