13 matches found
EUVD-2024-2335
Malicious code in bioql PyPI...
CVE-2024-39677
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...
SQL Injection
nhibernate is vulnerable to SQL injection. The vulnerability is due to the lack of proper validation/sanitization of some types implemented from ILiteralType.ObjectToSQLString, allowing attackers to exploit mappings with discriminator values, HQL queries referencing static fields, and the use of...
CVE-2024-39677
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...
CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...
CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...
CVE-2024-39677
NHibernate (.NET) has a SQL injection vulnerability affecting certain implementations of ILiteralType.ObjectToSQLString. Exposed scenarios include: discriminator-based inheritance mappings, HQL queries referencing static application fields, and use of SqlInsertBuilder/SqlUpdateBuilder AddColumn o...
CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Impact A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes: - Mappings using inheritance with discriminator values: - The discriminator value could be written in the mapping in a...
GHSA-FG4Q-CCQ8-3R5Q NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Impact A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes: - Mappings using inheritance with discriminator values: - The discriminator value could be written in the mapping in a...
PT-2024-28616 · Hibernate · Hibernate
Name of the Vulnerable Software and Affected Versions: NHibernate versions prior to 5.4.9 NHibernate versions prior to 5.5.2 Description: A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. This vulnerability affects callers of these methods, including...
NHibernate Security Vulnerabilities
NHibernate is a mature, open source object-relational mapper from NHibernate Open Source. A security vulnerability exists in NHibernate. An attacker exploiting this vulnerability can construct SQL queries directly on the user side using the ObjectToSQLString method...
SQL Injection
Overview NHibernate is a mature, open source object-relational mapper for the .NET framework. It is actively developed, fully featured and used in thousands of successful projects. Affected versions of this package are vulnerable to SQL Injection when passing unescaped user input to...