Количество 2
Количество 2
CVE-2016-6652
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
GHSA-xr4v-28rm-pvgw
Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2016-6652 SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call. | CVSS3: 5.6 | 0% Низкий | больше 9 лет назад |
| GHSA-xr4v-28rm-pvgw Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA | CVSS3: 5.6 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу