SQL Injection

nhibernate is vulnerable to SQL injection. The vulnerability is due to the lack of proper validation/sanitization of some types implemented from ILiteralType.ObjectToSQLString, allowing attackers to exploit mappings with discriminator values, HQL queries referencing static fields, and the use of...

CVE-2024-39677

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...

CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...

CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...