Lucene search
Veracode Vulnerability DatabaseVERACODE:18698HistoryMay 15, 2019 - 6:29 a.m.
Information Disclosure
2019-05-1506:29:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.001 Low
EPSS
Percentile
36.1%
spring-data-jpa is vulnerable to information disclosure. A lack of validation and sanitization of wildcard characters when using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING allows a user to retrieve more results than expected using a maliciously crafted example value.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spring data jpa | le | 1.11.21.RELEASE | |
| spring data jpa | le | 2.1.7.RELEASE | |
| spring data jpa | le | 1.11.21.RELEASE | |
| spring data jpa | le | 2.1.7.RELEASE |
References
Related
osv
osv
CVE-2019-3802
2019-06-03 14:29:00
Improper Neutralization of Wildcards or Matching Symbols
2019-06-04 15:42:15
cve
cve
CVE-2019-3802
2019-06-03 14:29:00
nvd
nvd
CVE-2019-3802
2019-06-03 14:29:00
github
github
Improper Neutralization of Wildcards or Matching Symbols
2019-06-04 15:42:15
redhatcve
redhatcve
CVE-2019-3802
2019-07-16 12:51:29
cvelist
cvelist
prion
prion
Design/Logic Flaw
2019-06-03 14:29:00
redhat
redhat
(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update
2020-03-26 15:40:22