Lucene search
+L

17 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-5849

Malicious code in bioql PyPI...

6.8CVSS6.1AI score0.00822EPSS
Exploits1References6
redhat
redhat
added 2025/06/25 12:21 a.m.3 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

7.4CVSS7.2AI score0.02907EPSS
Exploits0References4
spring
spring
added 2023/03/21 12:0 a.m.14 views

Spring Data JPA introduces query parser!

The Problem One of Spring Data JPA’s handy features is letting you plugin in custom JPA queries through its @Query annotation. This allows some flexiblity because you are still able to offer sort parameters to the consumers of your app. Check out the example below: interface SampleRepository...

6.9AI score
Exploits0
github
github
added 2022/05/17 2:37 a.m.33 views

Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...

6.8CVSS5.8AI score0.00822EPSS
Exploits1References7Affected Software1
osv
osv
added 2022/05/17 2:37 a.m.39 views

GHSA-XR4V-28RM-PVGW Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...

5.6CVSS6.4AI score0.00822EPSS
Exploits1References6
spring
spring
added 2022/05/03 12:3 a.m.24 views

Ever wanted to rewrite a query in Spring Data JPA?

Sometimes, no matter how many features you try to apply, it seems impossible to get Spring Data JPA to apply every thing youd like to a query before it is sent to the EntityManager. With 3.0.0-SNAPSHOT and targeted for the next milestone release train of Spring Data, you now have the ability to g...

0.3AI score
Exploits0
redhat
redhat
added 2021/02/17 12:7 p.m.6 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

7.4CVSS7.2AI score0.02907EPSS
Exploits0References4
redhat
redhat
added 2021/02/02 10:25 a.m.7 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

7.4CVSS7.2AI score0.02907EPSS
Exploits0References4
redhat
redhat
added 2021/01/07 11:49 a.m.8 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

7.4CVSS7.2AI score0.02907EPSS
Exploits0References4
redhat
redhat
added 2020/12/03 7:18 p.m.11 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

7.4CVSS7.2AI score0.02907EPSS
Exploits0References4
redhat
redhat
added 2020/12/01 11:45 a.m.8 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

7.4CVSS7.2AI score0.02907EPSS
Exploits0References4
veracode
veracode
added 2020/11/24 10:22 a.m.32 views

SQL Injection

hibernate-core is vulnerable to SQL injection. The vulnerability exists when both hibernate.usesqlcomments and JPQL String literals are used which allows an attacker to inject arbitrary sql queries...

7.4CVSS7.9AI score0.02907EPSS
Exploits0References14Affected Software22
redhat
redhat
added 2020/11/23 1:35 p.m.8 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

7.4CVSS7.2AI score0.02907EPSS
Exploits0References4
veracode
veracode
added 2020/03/31 6:18 a.m.20 views

SQL Injection

odata4j is vulnerable to SQL injection. The vulnerability exists as it improperly handles the JPQL Queries in ExecuteCountQueryCommand.java and ExecuteJPQLQueryCommand.java...

9.8CVSS2AI score0.01365EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2016/10/05 4:59 p.m.22 views

CVE-2016-6652

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...

6.8CVSS6.3AI score0.00822EPSS
Exploits1References5
osv
osv
added 2016/10/05 4:59 p.m.12 views

CVE-2016-6652

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...

5.6CVSS6.2AI score0.00822EPSS
Exploits1References5
prion
prion
added 2016/10/05 4:59 p.m.20 views

Sql injection

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...

6.8CVSS8.7AI score0.00822EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder