17 matches found
EUVD-2022-5849
Malicious code in bioql PyPI...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
Spring Data JPA introduces query parser!
The Problem One of Spring Data JPA’s handy features is letting you plugin in custom JPA queries through its @Query annotation. This allows some flexiblity because you are still able to offer sort parameters to the consumers of your app. Check out the example below: interface SampleRepository...
Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...
GHSA-XR4V-28RM-PVGW Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...
Ever wanted to rewrite a query in Spring Data JPA?
Sometimes, no matter how many features you try to apply, it seems impossible to get Spring Data JPA to apply every thing youd like to a query before it is sent to the EntityManager. With 3.0.0-SNAPSHOT and targeted for the next milestone release train of Spring Data, you now have the ability to g...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
SQL Injection
hibernate-core is vulnerable to SQL injection. The vulnerability exists when both hibernate.usesqlcomments and JPQL String literals are used which allows an attacker to inject arbitrary sql queries...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
SQL Injection
odata4j is vulnerable to SQL injection. The vulnerability exists as it improperly handles the JPQL Queries in ExecuteCountQueryCommand.java and ExecuteJPQLQueryCommand.java...
CVE-2016-6652
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...
CVE-2016-6652
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...
Sql injection
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...