PT-2019-16730 · Spring · Spring Data Jpa
Thaveethu Vignesh · Published 2019-06-03 · Updated 2021-10-29 · CVE-2019-3802
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Spring Data JPA versions prior to 2.1.7
Spring Data JPA versions 2.0.x up to and including 2.0.14
Spring Data JPA versions 1.11.x up to and including 1.11.20
Description
The issue affects the ExampleMatcher in Spring Data JPA, where using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING, or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
Recommendations
For Spring Data JPA versions prior to 2.1.7, update to version 2.1.7 or later.
For Spring Data JPA versions 2.0.x up to and including 2.0.14, update to version 2.0.15 or later.
For Spring Data JPA versions 1.11.x up to and including 1.11.20, update to version 1.11.21 or later.
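The weakness class named in this entry (improper neutralization of wildcards) can be seen in a prefix match built from a caller-supplied value, shown here as an added example that is not code from the advisory or from Spring Data JPA. The class and method names, the sample rows, the `\` escape character and the in-memory `like` evaluator standing in for the database are all assumptions made for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Added illustration; not Spring Data JPA code. All names and sample rows are constructed.
public class LikeWildcardDemo {
    static final char ESC = '\\'; // assumed escape character, as in: LIKE ? ESCAPE '\'
    // Neutralize LIKE metacharacters so the value is matched literally.
    static String escapeLike(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (c == '%' || c == '_' || c == ESC) sb.append(ESC);
            sb.append(c);
        }
        return sb.toString();
    }

    // Minimal in-memory stand-in for SQL "col LIKE pattern ESCAPE '\'".
    static boolean like(String text, String pattern) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < pattern.length(); i++) {
            char c = pattern.charAt(i);
            if (c == ESC && i + 1 < pattern.length()) {
                re.append(Pattern.quote(String.valueOf(pattern.charAt(++i))));
            } else if (c == '%') {
                re.append(".*");
            } else if (c == '_') {
                re.append('.');
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString(), Pattern.DOTALL).matcher(text).matches();
    }

    // STARTING-style match: the value is followed by a trailing wildcard.
    static List<String> startingWith(List<String> rows, String value, boolean escape) {
        String pattern = (escape ? escapeLike(value) : value) + "%";
        return rows.stream().filter(r -> like(r, pattern)).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        List<String> rows = List.of("alice", "bob", "a_temp", "100%_match");
        for (String v : List.of("a", "_", "%b")) {
            System.out.println(v + " unescaped=" + startingWith(rows, v, false)
                    + " escaped=" + startingWith(rows, v, true));
        }
    }
}
```

For values without wildcard characters the escaped and unescaped result sets are identical, which makes a difference between the two a useful regression check after upgrading.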
Fix
Information Disclosure
Improper Neutralization of Wildcards
Related identifiers
Affected products
Spring Data Jpa