SQL Injection

nhibernate is vulnerable to SQL injection. The vulnerability is due to the lack of proper validation/sanitization of some types implemented from ILiteralType.ObjectToSQLString, allowing attackers to exploit mappings with discriminator values, HQL queries referencing static fields, and the use of...

CVE-2024-39677

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...

PT-2024-28616 · Hibernate · Hibernate

Name of the Vulnerable Software and Affected Versions: NHibernate versions prior to 5.4.9 NHibernate versions prior to 5.5.2 Description: A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. This vulnerability affects callers of these methods, including...

SQL Injection

Overview NHibernate is a mature, open source object-relational mapper for the .NET framework. It is actively developed, fully featured and used in thousands of successful projects. Affected versions of this package are vulnerable to SQL Injection when passing unescaped user input to...