Description
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.
Report
This vulnerability is rated Important for Red Hat products as it allows a remote attacker with low privileges to perform second-order SQL injection in applications using Hibernate's InlineIdsOrClauseBuilder with unsanitized non-alphanumeric characters in the ID column. This could lead to sensitive information disclosure and data manipulation or deletion. Affected Hibernate ORM versions are 5.2.8 through 5.6.15 (inclusive); earlier versions are not affected.
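To triage a build against the version range stated above, the following added example (not part of the advisory or of any Red Hat or Hibernate tooling) classifies hibernate-core coordinates found in `mvn dependency:list` output. The sample lines are constructed, and the function names and the `group:artifact:type[:classifier]:version:scope` line layout are assumptions of this sketch.

```python
import re

# Affected upstream range as stated in the advisory: 5.2.8 through 5.6.15 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (5, 2, 8), (5, 6, 15)

# hibernate-core coordinates as printed by `mvn dependency:list` (assumed layout):
#   group:artifact:type[:classifier]:version:scope
COORD = re.compile(r"org\.hibernate(?:\.orm)?:hibernate-core:(?P<rest>\S+)")

# Constructed sample output, not taken from any real project.
SAMPLE = """\
[INFO]    org.hibernate:hibernate-core:jar:5.2.7.Final:compile
[INFO]    org.hibernate:hibernate-core:jar:5.2.8.Final:compile
[INFO]    org.hibernate:hibernate-core:jar:5.6.15.Final-redhat-00001:compile
[INFO]    org.hibernate:hibernate-core:jar:5.6.16.Final:runtime
[INFO]    org.hibernate.orm:hibernate-core:jar:6.2.7.Final:compile
[INFO]    org.hibernate:hibernate-core:jar:${hibernate.version}:compile
[INFO]    org.hibernate:hibernate-validator:jar:6.2.5.Final:compile
"""

def parse_version(text):
    """Leading numeric (major, minor, patch) of a Maven version, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(version):
    """'affected', 'outside range', or 'unknown' when the version cannot be parsed."""
    v = parse_version(version)
    if v is None:
        return "unknown"  # e.g. an unresolved ${property}; needs manual review
    return "affected" if AFFECTED_MIN <= v <= AFFECTED_MAX else "outside range"

def scan(lines):
    """Return (version, status) for every hibernate-core coordinate in the lines."""
    findings = []
    for line in lines:
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group("rest").split(":")
        if len(parts) < 3:
            continue  # not type:version:scope; skip rather than guess
        version = parts[-2]  # version is always the field before the scope
        findings.append((version, classify(version)))
    return findings

if __name__ == "__main__":
    for version, status in scan(SAMPLE.splitlines()):
        print(f"{version:32} {status}")
```

A match on a vendor-rebuilt version string only says the upstream number falls in the range; for Red Hat products the per-product state in the affected packages table is what applies.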
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat AMQ Broker 7 | hibernate-core | Affected | ||
| Red Hat build of OptaPlanner 8 | hibernate-core | Affected | ||
| Red Hat Data Grid 8 | hibernate-core | Not affected | ||
| Red Hat Fuse 7 | hibernate-core | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 8 | hibernate-core | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | hibernate-core | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-trustyai-service-rhel8 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-trustyai-service-rhel9 | Not affected | ||
| Red Hat OpenShift Dev Spaces | devspaces/openvsx-rhel9 | Not affected | ||
| Red Hat OpenShift Dev Spaces | devspaces/pluginregistry-rhel9 | Not affected | ||
Additional information
Status:
8.3 High
CVSS3