376 matches found
Spring Data Commons Installed
Binary data pivotalsoftwarespringdatacommonsinstalled.nbin...
Spring Data JPA Installed
Binary data pivotalsoftwarespringdatajpainstalled.nbin...
Spring Data REST Installed
Binary data pivotalsoftwarespringdatarestinstalled.nbin...
CVE-2018-1273
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
CVE-2019-3802
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...
am.ik.home:uaa-server (>=1.0.0 <=1.9.0), au.com.mountain-pass:hyperstate-client (>=1 <=10) +493 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=1.0.1.RELEASE <=1.11.21.RELEASE)
org.springframework.data:spring-data-jpa MAVEN version =1.0.1.RELEASE, =1.0.0, =1, =1, =1, =1, =1, =0.1.0, =1.0.0, =1.6, =1.1.10, =3.0.1.3, =3.0.1.11 and more Source cves: CVE-2019-3802 Source advisory: OSV:GHSA-XGGX-FX6W-V7CH...
ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +1138 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=2.0.0.RELEASE <=2.1.7.RELEASE)
org.springframework.data:spring-data-jpa MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.21 - au.net.causal.shoelaces:shoelaces-jdbc-integration-tests-app-derby =2.0 - au.net.causal.shoelaces:shoelaces-jdbc-integration-tests-app-h2 =2.0 -...
ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +690 more potentially affected by CVE-2019-3802 via org.springframework.data:spring-data-jpa (>=2.1.0.RELEASE <=2.1.7.RELEASE)
org.springframework.data:spring-data-jpa MAVEN version =2.1.0.RELEASE, =0.5.0, =0.5.0, =0.0.1, =0.0.8 and more Source cves: CVE-2019-3802 Source advisory: OSV:GHSA-X...
Improper Neutralization of Wildcards or Matching Symbols
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...
GHSA-XGGX-FX6W-V7CH Improper Neutralization of Wildcards or Matching Symbols
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...
Design/Logic Flaw
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...
CVE-2019-3802
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...
CVE-2019-3802
CVE-2019-3802 affects Spring Data JPA up to versions 2.1.6, 2.0.14, and 1.11.20. The affected component is ExampleMatcher using StringMatcher.STARTING, StringMatcher.ENDING, or StringMatcher.CONTAINING, where crafted example values could return more results than intended. Multiple connected sources c...
CVE-2019-3802 Additional information exposure with Spring Data JPA example matcher
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...
VulnCheck KEV: CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
Information Disclosure
spring-data-jpa is vulnerable to information disclosure. A lack of validation and sanitization of wildcard characters when using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING allows a user to retrieve more results than expect...
ai.hyacinth.framework:core-service-jpa-support (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.21) +644 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=2.1.0.RELEASE <=2.1.5.RELEASE)
org.springframework.data:spring-data-jpa MAVEN version =2.1.0.RELEASE, =0.5.0, =0.5.0, =0.0.4, =0.0.8 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-J...
ch.sharedvd.tipi:tipi-engine (=2.0.0), cn.jbone:jbone-common (=1.0.0) +158 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=2.0.0.RELEASE <=2.0.13.RELEASE)
org.springframework.data:spring-data-jpa MAVEN version =2.0.0.RELEASE, =1.2.0, =0.1.0, =1.3.0, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.3 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-JGMR-WRWX-MGFJ...
am.ik.home:uaa-server (>=1.0.0 <=1.9.0), au.com.mountain-pass:hyperstate-client (>=1 <=10) +489 more potentially affected by CVE-2019-3797 via org.springframework.data:spring-data-jpa (>=1.0.1.RELEASE <=1.11.1.RELEASE)
org.springframework.data:spring-data-jpa MAVEN version =1.0.1.RELEASE, =1.0.0, =1, =1, =1, =1, =1, =0.1.0, =1.0.0, =1.6, =1.1.10, =3.0.1.3, =3.0.1.11 and more Source cves: CVE-2019-3797 Source advisory: OSV:GHSA-JGMR-WRWX-MGFJ...
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates 'startingWith', 'endingWith' or 'containing' could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...