CxTyler
commented
3 years ago Issue still exists.
Open CxTyler opened 3 years ago
CxTyler
commented
3 years ago Issue still exists.
CxTyler
commented
3 years ago Issue still exists.
Description
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
MEDIUM Vulnerable Package issue exists @ org.hibernate:hibernate-core in branch master
Vulnerability ID: CVE-2019-14900
Package Name: org.hibernate:hibernate-core
Severity: MEDIUM
CVSS Score: 6.5
Publish Date: 2019-01-15T00:00:00
Current Package Version: 4.0.1.Final
Remediation Upgrade Recommendation: 5.3.18.Final
Link To SCA
Reference – NVD link