Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-25638

Опубликовано: 02 дек. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5.8
CVSS3: 7.4

Описание

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

3.6.10.Final-12
esm-apps/bionic

released

3.6.10.Final-9ubuntu0.18.04.1~esm1
esm-apps/focal

released

3.6.10.Final-9+deb10u1build0.20.04.1
esm-apps/jammy

not-affected

3.6.10.Final-11
esm-apps/noble

not-affected

3.6.10.Final-12
esm-apps/xenial

released

3.6.10.Final-4ubuntu0.1~esm1
esm-infra-legacy/trusty

DNE

focal

released

3.6.10.Final-9+deb10u1build0.20.04.1
groovy

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 66%
0.00519
Низкий

5.8 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-25638

CVSS3: 7.4
redhat
больше 5 лет назад

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

nvd логотип

CVE-2020-25638

CVSS3: 7.4
nvd
около 5 лет назад

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

debian логотип

CVE-2020-25638

CVSS3: 7.4
debian
около 5 лет назад

A flaw was found in hibernate-core in versions prior to and including ...

github логотип

GHSA-j8jw-g6fq-mp7h

CVSS3: 7.4
github
почти 4 года назад

SQL injection in hibernate-core

fstec логотип

BDU:2022-00307

CVSS3: 7.4
fstec
больше 5 лет назад

Уязвимость интерфейса API JPA Criteria службы запросов Hibernate ORM, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

EPSS

Процентиль: 66%
0.00519
Низкий

5.8 Medium

CVSS2

7.4 High

CVSS3