10 matches found
CVE-2026-41697
A flaw was found in Spring Data Relational. This vulnerability allows a remote attacker to perform boolean-based blind data inference by supplying wildcard characters in externally-controlled input when using StringMatcher in Query By Example QBE. This can lead to the disclosure of sensitive...
EUVD-2026-35893
Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...
CVE-2026-41697
Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...
VMware Spring Data Relational 安全漏洞
VMware Spring Data Relational is a relational database access framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Relational, which stems from the improper escaping of external control inputs when using StringMatcher in Query By Example. Attackers can use...
CVE-2026-41697 Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern
Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...
CVE-2026-41697 Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern
Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...
CVE-2026-41697
CVE-2026-41697 affects Spring Data Relational/JDBC/R2DBC across multiple versions (4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.4.0–2.4.19). The root cause is improper escaping of binding values for StringMatcher (STARTING, ENDING, CONTAINING)...
PT-2026-48313
Name of the Vulnerable Software and Affected Versions Spring Data Relational/JDBC/R2DBC versions 4.0.0 through 4.0.5 Spring Data Relational/JDBC/R2DBC versions 3.5.0 through 3.5.11 Spring Data Relational/JDBC/R2DBC versions 3.4.0 through 3.4.14 Spring Data Relational/JDBC/R2DBC versions 3.3.0...
CVE-2026-41697: Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern
Spring Data Relational does not properly escape binging values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. If an application actively wires externally-controlled input into a QBE probe, an attacker can supply wildcard characters...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via Query By Example QBE StringMatcher handling. An attacker can perform boolean-based blind data inference by supplying wildcard characters in externally controlled input used to populate a QBE probe. When...