CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2019/06/04 3:42 p.m.•3 views

am.ik.home:uaa-server (>=1.0.0 <=1.9.0), au.com.mountain-pass:hyperstate-client (>=1 <=10) +493 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=1.0.1.RELEASE <=1.11.21.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =1.0.1.RELEASE, =1.0.0, =1, =1, =1, =1, =1, =0.1.0, =1.0.0, =1.6, =1.1.10, =3.0.1.3, =3.0.1.11 and more Source cves: CVE-2019-3802 Source advisory: OSV:GHSA-XGGX-FX6W-V7CH...

5.3CVSS6.1AI score0.01247EPSS

vulnersOsv•added 2019/06/04 3:42 p.m.•5 views

ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +1138 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=2.0.0.RELEASE <=2.1.7.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.21 - au.net.causal.shoelaces:shoelaces-jdbc-integration-tests-app-derby =2.0 - au.net.causal.shoelaces:shoelaces-jdbc-integration-tests-app-h2 =2.0 -...

5.3CVSS6.1AI score0.01247EPSS

OSV•added 2019/06/04 3:42 p.m.•13 views

GHSA-XGGX-FX6W-V7CH Improper Neutralization of Wildcards or Matching Symbols

5.3CVSS5.4AI score0.01247EPSS

Exploits0References2

Github Security Blog•added 2019/06/04 3:42 p.m.•37 views

Improper Neutralization of Wildcards or Matching Symbols

5.3CVSS3.8AI score0.01247EPSS

Exploits0References3Affected Software1

NVD•added 2019/06/03 2:29 p.m.•31 views

CVE-2019-3802

5.3CVSS4.3AI score0.01247EPSS

Prion•added 2019/06/03 2:29 p.m.•16 views

Design/Logic Flaw

5CVSS5.4AI score0.01247EPSS

CVE•added 2019/06/03 1:47 p.m.•116 views

CVE-2019-3802

CVE-2019-3802 affects Spring Data JPA up to versions 2.1.6, 2.0.14, and 1.11.20. Affected component is ExampleMatcher using StringMatcher.STARTING, StringMatcher.ENDING, or StringMatcher.CONTAINING, where crafted example values could return more results than intended. Multiple connected sources c...

5.3CVSS4.8AI score0.01247EPSS

Cvelist•added 2019/06/03 1:47 p.m.•29 views

CVE-2019-3802 Additional information exposure with Spring Data JPA example matcher

3.5CVSS5.1AI score0.01247EPSS

Veracode•added 2019/05/15 6:29 a.m.•17 views

Information Disclosure

spring-data-jpa is vulnerable to information disclosure. A lack of validation and sanitization of wildcard characters when using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING allows a user to retrieve more results than expect...

5.3CVSS3AI score0.01247EPSS

vulnersOsv•added 2019/05/14 4:2 a.m.•5 views

ch.sharedvd.tipi:tipi-engine (=2.0.0), cn.jbone:jbone-common (=1.0.0) +158 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=2.0.0.RELEASE <=2.0.13.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =2.0.0.RELEASE, =1.2.0, =0.1.0, =1.3.0, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.3 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-JGMR-WRWX-MGFJ...

5.3CVSS6.3AI score0.01087EPSS

vulnersOsv•added 2019/05/14 4:2 a.m.•4 views

am.ik.home:uaa-server (>=1.0.0 <=1.9.0), au.com.mountain-pass:hyperstate-client (>=1 <=10) +489 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=1.0.1.RELEASE <=1.11.1.RELEASE)

5.3CVSS6.3AI score0.01087EPSS

vulnersOsv•added 2019/05/14 4:2 a.m.•10 views

ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +644 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=2.1.0.RELEASE <=2.1.5.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =2.1.0.RELEASE, =0.5.0, =0.5.0, =0.0.4, =0.0.8 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-J...

5.3CVSS6.3AI score0.01087EPSS

OSV•added 2019/05/14 4:2 a.m.•15 views

GHSA-JGMR-WRWX-MGFJ Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ?startingWith?, ?endingWith? or ?containing? could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

5.3CVSS5.5AI score0.01087EPSS

Exploits0References2

Github Security Blog•added 2019/05/14 4:2 a.m.•32 views

Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA

5.3CVSS2.6AI score0.01087EPSS

Exploits0References3Affected Software1

NVD•added 2019/05/06 4:29 p.m.•25 views

CVE-2019-3797

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

5.3CVSS4.3AI score0.01087EPSS

Prion•added 2019/05/06 4:29 p.m.•17 views

Input validation

5CVSS5.4AI score0.01087EPSS

Cvelist•added 2019/05/06 3:21 p.m.•27 views

CVE-2019-3797 Additional information exposure with Spring Data JPA derived queries

3.5CVSS5.1AI score0.01087EPSS

CVE•added 2019/05/06 3:21 p.m.•105 views

CVE-2019-3797

This entry concerns Spring Data JPA with versions up to 2.1.5, 2.0.13 and 1.11.19. The vulnerability arises in derived queries using the predicates startingWith, endingWith, or containing, which could return more results than intended when a crafted query parameter is supplied. Additionally, LIKE...

5.3CVSS4.8AI score0.01087EPSS