NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities

🗓️ 08 Jul 2024 14:20:33Reported by GitHub Advisory DatabaseType

NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities. Releases 5.4.9 and 5.5.2. Impact on mappings, HQL queries, and utility usage

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-39677	8 Jul 202417:50	–	circl
CNNVD	NHibernate Security Vulnerabilities	8 Jul 202400:00	–	cnnvd
CVE	CVE-2024-39677	8 Jul 202414:52	–	cve
Cvelist	CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities	8 Jul 202414:52	–	cvelist
EUVD	EUVD-2024-2335	3 Oct 202520:07	–	euvd
NVD	CVE-2024-39677	8 Jul 202415:15	–	nvd
OSV	CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities	8 Jul 202414:52	–	osv
OSV	GHSA-FG4Q-CCQ8-3R5Q NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities	8 Jul 202414:20	–	osv
Positive Technologies	PT-2024-28616 · Hibernate · Hibernate	8 Jul 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-39677	23 May 202510:16	–	redhatcve

Vulners

Node

nhibernate nhibernate-coreRange5.5.0–5.5.2nuget

nhibernate nhibernate-coreRange<5.4.9nuget

Source	Link
github	www.github.com/nhibernate/nhibernate-core/security/advisories/GHSA-fg4q-ccq8-3r5q
github	www.github.com/nhibernate/nhibernate-core/issues/3516
github	www.github.com/nhibernate/nhibernate-core/pull/3517
github	www.github.com/nhibernate/nhibernate-core/pull/3547
github	www.github.com/nhibernate/nhibernate-core/commit/b4a69d1a5ff5744312478d70308329af496e4ba9
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-39677
github	www.github.com/advisories/GHSA-fg4q-ccq8-3r5q

18 Nov 2024 16:26Current

6Medium risk

Vulners AI Score6

CVSS 3.15.9 - 9.8

EPSS0.00548

SSVC

CWE-89