Lucene search
RedhatCVELIST:CVE-2019-14900HistoryJul 06, 2020 - 6:35 p.m.
CVE-2019-14900
2020-07-0618:35:01
redhat
www.cve.org
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CNA Affected
[
{
"product": "Hibernate",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions before Hibernate ORM 5.3.18"
},
{
"status": "affected",
"version": "Versions before Hibernate ORM 5.4.18"
},
{
"status": "affected",
"version": "Versions before Hibernate ORM 5.5.0.Beta1"
}
]
}
]Related
redhatcve
redhatcve
CVE-2019-14900
2020-05-12 15:40:12
cve
cve
CVE-2019-14900
2020-07-06 19:15:12
osv
osv
SQL Injection in Hibernate ORM
2022-02-10 23:05:04
CVE-2019-14900
2020-07-06 19:15:12
githubexploit
githubexploit
Exploit for SQL Injection in Hibernate Hibernate Orm
2021-01-06 13:06:45
github
github
SQL Injection in Hibernate ORM
2022-02-10 23:05:04
veracode
veracode
SQL Injection
2020-08-18 02:03:37
prion
prion
Sql injection
2020-07-06 19:15:00
nvd
nvd
CVE-2019-14900
2020-07-06 19:15:12
debiancve
debiancve
CVE-2019-14900
2020-07-06 19:15:12
ibm
ibm
redhat
redhat
nessus
nessus