13 matches found
EUVD-2022-1817
Malicious code in bioql PyPI...
Spring Data JDBC and R2DBC 4.0 will support Composite IDs
I'm happy to announce that Spring Data JDBC and R2DBC finally support Composite IDs starting with version 4.0.0-M4. Most of you probably know, but just to make sure everyone has the same understanding: From the database point of view a composite id or composite key is a primary key that consists...
This Week in Spring - October 29th, 2024
Hi, Spring fans! How're things? It's almost Halloween! I'm so excited! I'm going as a PHP program. Boooooooo...t. I'm writing this from the amazing Vaadin Create conference in Frankfurt, Germany, about to do my keynote for an amazing, Spring-loving audience here. So, without further ado, let's di...
CVE-2024-23689
Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...
CVE-2024-23689
Summary: CVE-2024-23689 affects ClickHouse Java libraries (clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, com.clickhouse:clickhouse-client) with versions
A Bootiful Podcast: Tadaya Tsuyukubo, creator of R2DBC Proxy, DataSource Proxy, and more
Hi, Spring fans! In this installment Josh Long talks to R2DBC Proxy creator Tadaya Tsuyukubo, @ttddyy, creator of R2DBC Proxy and others...
com.github.goodforgod:micronaut-clickhouse (=5.0.0) potentially affected by CVE-2024-23689 via com.clickhouse:clickhouse-r2dbc (=0.4.4)
com.clickhouse:clickhouse-r2dbc MAVEN version =0.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on com.clickhouse:clickhouse-r2dbc and may be impacted: - com.github.goodforgod:micronaut-clickhouse =5.0.0 Source cves: CVE-2024-23689 Source advisory:...
PT-2023-32950 · Clickhouse · Clickhouse-R2Dbc +2
Name of the Vulnerable Software and Affected Versions: clickhouse-r2dbc versions less than 0.4.6 com.clickhouse:clickhouse-jdbc versions less than 0.4.6 com.clickhouse:clickhouse-client versions less than 0.4.6 Description: The issue allows unauthorized users to gain access to client certificate...
This Week in Spring - March 28th, 202
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm reporting to you from Los Angeles, where my family and I have gone for my daughter's spring break. We're going to survey some prospective colleges and we're going to Disneyland. Needless to say, I'm doubly glad to have al...
CVE-2022-24815
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...
SQL injection
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...
CVE-2022-24815
CVE-2022-24815 affects JHipster-generated applications that use a SQL database with reactive Spring WebFlux. The vulnerability resides in the entity repository’s findAllBy(Pageable, Criteria) where clause, where Criteria.toString() is not sanitized and user input is passed through directly, enabl...
CVE-2022-24815 SQL Injection when creating an application with Reactive SQL backend
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...