321 matches found

VulnCheck KEV
added 2019/05/20 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

CVSS 9.8 | AI score 7.4 | EPSS 0.93978
Exploits 6 | References 1

Veracode
added 2019/05/15 6:29 a.m. | 15 views

Information Disclosure

spring-data-jpa is vulnerable to information disclosure. A lack of validation and sanitization of wildcard characters when using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING allows a user to retrieve more results than expect...

CVSS 5.3 | AI score 3 | EPSS 0.00243
Exploits 0 | References 1 | Affected Software 1

OSV
added 2019/05/14 4:2 a.m. | 15 views

GHSA-JGMR-WRWX-MGFJ Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 5.3 | AI score 5.5 | EPSS 0.00246
Exploits 0 | References 2

vulnersOsv
added 2019/05/14 4:2 a.m. | 8 views

ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +644 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=2.1.0.RELEASE <=2.1.5.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =2.1.0.RELEASE, =0.5.0, =0.5.0, =0.0.4, =0.0.8 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-J...

CVSS 5.3 | AI score 6.3 | EPSS 0.00246
Exploits 0

vulnersOsv
added 2019/05/14 4:2 a.m. | 3 views

ch.sharedvd.tipi:tipi-engine (=2.0.0), cn.jbone:jbone-common (=1.0.0) +158 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=2.0.0.RELEASE <=2.0.13.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =2.0.0.RELEASE, =1.2.0, =0.1.0, =1.3.0, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.3 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-JGMR-WRWX-MGFJ...

CVSS 5.3 | AI score 6.3 | EPSS 0.00246
Exploits 0

Github Security Blog
added 2019/05/14 4:2 a.m. | 23 views

Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 5.3 | AI score 2.6 | EPSS 0.00246
Exploits 0 | References 3 | Affected Software 1

vulnersOsv
added 2019/05/14 4:2 a.m. | 0 views

am.ik.home:uaa-server (>=1.0.0 <=1.9.0), au.com.mountain-pass:hyperstate-client (>=1 <=10) +489 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=1.0.1.RELEASE <=1.11.1.RELEASE)

org.springframework.data:spring-data-jpa MAVEN version =1.0.1.RELEASE, =1.0.0, =1, =1, =1, =1, =1, =0.1.0, =1.0.0, =1.6, =1.1.10, =3.0.1.3, =3.0.1.11 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-JGMR-WRWX-MGFJ...

CVSS 5.3 | AI score 6.3 | EPSS 0.00246
Exploits 0

CNVD
added 2019/05/14 12:0 a.m. | 3 views

Pivotal Software Spring Data JPA Information Disclosure Vulnerability

Pivotal Software Spring Data JPA is a set of applications from Pivotal Software, Inc. (United States) used to simplify the development of JPA-based data access layers. An information disclosure vulnerability exists in Pivotal Software Spring Data JPA. The vulnerability stems from errors such as...

CVSS 5.3 | AI score 6.2 | EPSS 0.00243
Exploits 0 | References 1

OSV
added 2019/05/06 4:29 p.m. | 3 views

CVE-2019-3797

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 5.3 | AI score 7.3 | EPSS 0.00246
Exploits 0 | References 1

NVD
added 2019/05/06 4:29 p.m. | 10 views

CVE-2019-3797

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 5.3 | AI score 4.3 | EPSS 0.00246
Exploits 0 | References 1

Prion
added 2019/05/06 4:29 p.m. | 14 views

Input validation

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 5 | AI score 5.4 | EPSS 0.00246
Exploits 0 | References 1 | Affected Software 1

CVE
added 2019/05/06 3:21 p.m. | 98 views

CVE-2019-3797

This entry concerns Spring Data JPA with versions up to 2.1.5, 2.0.13 and 1.11.19. The vulnerability arises in derived queries using the predicates startingWith, endingWith, or containing, which could return more results than intended when a crafted query parameter is supplied. Additionally, LIKE...

CVSS 5.3 | AI score 4.8 | EPSS 0.00246
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/05/06 3:21 p.m. | 13 views

CVE-2019-3797 Additional information exposure with Spring Data JPA derived queries

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 3.5 | AI score 5.1 | EPSS 0.00246
Exploits 0 | References 1

GithubExploit
added 2019/04/29 3:43 a.m. | 3 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

CVE-2018-1273 Spring Data Commons RCE remote command execution vulnerability usage !...

CVSS 9.8 | AI score 8.6 | EPSS 0.94284
Exploits 9

Veracode
added 2019/04/09 2:26 a.m. | 16 views

Information Disclosure

spring-data-jpa is vulnerable to information disclosure. Derived queries using any of the predicates startingWith, endingWith or containing could return more results than anticipated when a maliciously crafted query parameter value is supplied. LIKE expressions in manually defined queries could...

CVSS 5.3 | AI score 5.3 | EPSS 0.00246
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2019/04/08 7:19 p.m. | 20 views

CVE-2019-3797

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

CVSS 5.3 | AI score 2.7 | EPSS 0.00246
Exploits 0 | References 3

VulnCheck KEV
added 2019/01/08 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2018-1273

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...

CVSS 9.8 | AI score 7.5 | EPSS 0.94284
Exploits 9 | References 1

RedHat Linux
added 2018/12/04 4:0 p.m. | 0 views

spring-data-commons: XXE with Spring Data’s XMLBeam integration

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

CVSS 7.5 | AI score 7.5 | EPSS 0.09831
Exploits 1 | References 4

vulnersOsv
added 2018/10/17 5:23 p.m. | 2 views

am.ik.home:uaa-client (>=1.0.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.0.0 <=1.8.1) +1130 more potentially affected by CVE-2018-1274 via org.springframework.data:spring-data-commons (>=1.10.0.RELEASE <=1.13.10.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =1.10.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1, =1, =1, =1, =1, =1, =0.0.1, =0.1.0, =1.0.0, =1.0.2 and more Source cves: CVE-2018-1274 Source advisory: OSV:GHSA-5Q8M-MQMX-PXP9...

CVSS 7.5 | AI score 7.1 | EPSS 0.00845
Exploits 0

vulnersOsv
added 2018/10/17 5:23 p.m. | 2 views

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +604 more potentially affected by CVE-2018-1274 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.5.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.0, =1.0, =1.2 and more Source cves: CVE-2018-1274 Source advisory: OSV:GHSA-5Q8M-MQMX-PXP9...

CVSS 7.5 | AI score 7.1 | EPSS 0.00845
Exploits 0