EUVD-2024-2335

Malicious code in bioql PyPI...

CVE-2024-39677

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...

CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...

CVE-2024-39677

NHibernate (.NET) has a SQL injection vulnerability affecting certain implementations of ILiteralType.ObjectToSQLString. Exposed scenarios include: discriminator-based inheritance mappings, HQL queries referencing static application fields, and use of SqlInsertBuilder/SqlUpdateBuilder AddColumn o...

NHibernate Security Vulnerabilities

NHibernate is a mature, open source object-relational mapper from NHibernate Open Source. A security vulnerability exists in NHibernate. An attacker exploiting this vulnerability can construct SQL queries directly on the user side using the ObjectToSQLString method...

SQL Injection

Overview NHibernate is a mature, open source object-relational mapper for the .NET framework. It is actively developed, fully featured and used in thousands of successful projects. Affected versions of this package are vulnerable to SQL Injection when passing unescaped user input to...