383 matches found
CVE-2016-6652
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...
CVE-2016-6652
The CVE-2016-6652 vulnerability affects Spring Data JPA prior to 1.9.6 (Gosling SR6) and 1.10.x prior to 1.10.4 (Hopper SR4). When using a repository method that defines a String query with @Query, an attacker can execute arbitrary JPQL commands through a sort parameter (via QueryUtils.applySorti...
spring-data-commons
It is...