Description
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
MEDIUM Vulnerable Package issue exists @ org.hibernate:hibernate-core in branch refs/heads/master
Vulnerability ID: CVE-2019-14900
Package Name: org.hibernate:hibernate-core
Severity: MEDIUM
CVSS Score: 6.5
Publish Date: 2019-01-15T00:00:00
Current Package Version: 4.0.1.Final
Remediation Upgrade Recommendation: 5.3.20.Final
Link To SCA
Reference – NVD link
Description
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
MEDIUM Vulnerable Package issue exists @ org.hibernate:hibernate-core in branch refs/heads/master
Vulnerability ID: CVE-2019-14900
Package Name: org.hibernate:hibernate-core
Severity: MEDIUM
CVSS Score: 6.5
Publish Date: 2019-01-15T00:00:00
Current Package Version: 4.0.1.Final
Remediation Upgrade Recommendation: 5.3.20.Final
Link To SCA
Reference – NVD link