A flaw was found in hibernate-core in versions prior to 5.3.20.Final and from 5.4.0.CR1 to 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
HIGH Vulnerable Package issue exists @ org.hibernate:hibernate-core in branch refs/heads/master
Description
A flaw was found in hibernate-core in versions prior to 5.3.20.Final and from 5.4.0.CR1 to 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
HIGH Vulnerable Package issue exists @ org.hibernate:hibernate-core in branch refs/heads/master
Vulnerability ID: CVE-2020-25638
Package Name: org.hibernate:hibernate-core
Severity: HIGH
CVSS Score: 7.4
Publish Date: 2020-09-22T16:32:00
Current Package Version: 4.0.1.Final
Remediation Upgrade Recommendation: 4.1.3.Final-redhat-1
Link To SCA
Reference – NVD link