5 matches found
Important: Red Hat Security Advisory: Red Hat Fuse 7.7.0 release and security update
A minor version update from 7.6 to 7.7 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
am.ik.home:uaa-server (>=1.0.0 <=1.9.0), au.com.mountain-pass:hyperstate-client (>=1 <=10) +489 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=1.0.1.RELEASE <=1.11.1.RELEASE)
org.springframework.data:spring-data-jpa MAVEN version =1.0.1.RELEASE, =1.0.0, =1, =1, =1, =1, =1, =0.1.0, =1.0.0, =1.6, =1.1.10, =3.0.1.3, =3.0.1.11 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-JGMR-WRWX-MGFJ...
ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +644 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=2.1.0.RELEASE <=2.1.5.RELEASE)
org.springframework.data:spring-data-jpa MAVEN version =2.1.0.RELEASE, =0.5.0, =0.5.0, =0.0.4, =0.0.8 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-J...
CVE-2019-3797
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...
CVE-2019-3797 Additional information exposure with Spring Data JPA derived queries
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...