Maruthi Adithya G

**Name of the Vulnerable Software and Affected Versions** Spring Data JPA versions up to and including 2.1.5 Spring Data JPA version 2.0.13 Spring Data JPA version 1.11.19 **Description** The issue affects derived queries that use certain predicates, such as `startingWith`, `endingWith`, or `containing`. When a maliciously crafted query parameter value is supplied, these queries could return more results than anticipated. Additionally, LIKE expressions in manually defined queries may return unexpected results if the parameter values bound do not have escaped reserved characters properly. **Recommendations** For Spring Data JPA version 2.1.5, update to a version that includes the necessary fixes to prevent unexpected query results. For Spring Data JPA version 2.0.13, update to a version that includes the necessary fixes to prevent unexpected query results. For Spring Data JPA version 1.11.19, update to a version that includes the necessary fixes to prevent unexpected query results. As a temporary workaround, consider properly escaping reserved characters in query parameter values to minimize the risk of exploitation.