spring-data-jpa is vulnerable to information disclosure. A lack of validation and sanitization of wildcard characters when using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING allows a user to retrieve more results than expected using a maliciously crafted example value.
Name | Operator | Version |
---|---|---|
spring data jpa | le | 1.11.21.RELEASE |
spring data jpa | le | 2.1.7.RELEASE |
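
The wildcard problem described above, reduced to the SQL LIKE predicate underneath, as an added example that is not Spring Data JPA's own code. It assumes the STARTING matcher becomes `LIKE <value>%`; the table, rows and function names are constructed for illustration, and SQLite stands in for the application database.

```python
import sqlite3

ESC = "\\"  # single escape character handed to the LIKE ... ESCAPE clause


def escape_like(value: str) -> str:
    """Neutralise LIKE metacharacters so the value only matches literally."""
    for ch in (ESC, "%", "_"):  # the escape character itself goes first
        value = value.replace(ch, ESC + ch)
    return value


def starting_with(conn, value: str, escape: bool) -> list:
    """Model of a STARTING matcher: WHERE name LIKE <value>% (assumed shape)."""
    if escape:
        # Hardened form: metacharacters in the user value are escaped and the
        # query declares the escape character explicitly.
        sql = "SELECT name FROM users WHERE name LIKE ? ESCAPE ? ORDER BY name"
        params = (escape_like(value) + "%", ESC)
    else:
        # Unsanitized form: the user value is concatenated into the pattern,
        # so any % or _ it contains is interpreted as a wildcard.
        sql = "SELECT name FROM users WHERE name LIKE ? ORDER BY name"
        params = (value + "%",)
    return [row[0] for row in conn.execute(sql, params)]


def build_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?)",
        [("alice",), ("bob",), ("carol",), ("100%_done",)],
    )
    return conn


if __name__ == "__main__":
    db = build_db()
    for probe in ("al", "%", "_", "100%"):
        print(repr(probe),
              "unescaped:", starting_with(db, probe, escape=False),
              "escaped:", starting_with(db, probe, escape=True))
```

Binding the value as a parameter does not help here, because the wildcard is interpreted by LIKE itself after binding; only escaping or rejecting `%` and `_` restores literal matching.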