<org.hibernate.sql.Insert: java.lang.String toStatementString()>
at <org.hibernate.persister.entity.AbstractEntityPersister: java.lang.String generateIdentityInsertString(boolean[])> (org.hibernate.persister.entity.AbstractEntityPersister.java:[2790]) in /.m2/repository/org/hibernate/hibernate-core/4.3.8.Final/hibernate-core-4.3.8.Final.jar
at <org.hibernate.persister.entity.AbstractEntityPersister: void doLateInit()> (org.hibernate.persister.entity.AbstractEntityPersister.java:[4012]) in /.m2/repository/org/hibernate/hibernate-core/4.3.8.Final/hibernate-core-4.3.8.Final.jar
at <org.hibernate.persister.entity.AbstractEntityPersister: void postInstantiate()> (org.hibernate.persister.entity.AbstractEntityPersister.java:[4015]) in /.m2/repository/org/hibernate/hibernate-core/4.3.8.Final/hibernate-core-4.3.8.Final.jar
at <org.hibernate.internal.SessionFactoryImpl: void <init>(org.hibernate.cfg.Configuration,org.hibernate.engine.spi.Mapping,org.hibernate.service.ServiceRegistry,org.hibernate.cfg.Settings,org.hibernate.SessionFactoryObserver)> (org.hibernate.internal.SessionFactoryImpl.java:[481]) in /.m2/repository/org/hibernate/hibernate-core/4.3.8.Final/hibernate-core-4.3.8.Final.jar
at <org.hibernate.cfg.Configuration: org.hibernate.SessionFactory buildSessionFactory(org.hibernate.service.ServiceRegistry)> (org.hibernate.cfg.Configuration.java:[1859]) in /.m2/repository/org/hibernate/hibernate-core/4.3.8.Final/hibernate-core-4.3.8.Final.jar
at <com.utils.HibernateUtils: void <clinit>()> (com.utils.HibernateUtils.java:[33]) in /detect/unzip/biubiu-master/target/classes
Hi, In biubiu,there is a dependency org.hibernate:hibernate-core:4.3.8.Final that calls the risk method.
CVE-2020-25638
The scope of this CVE affected version is [,5.4.24.Final)
After further analysis, in this project, the main Api called is <org.hibernate.sql.Insert: java.lang.String toStatementString()>
Risk method repair link : GitHub
CVE Bug Invocation Path--
Path Length : 7
Dependency tree--
Suggested solutions:
Update dependency version to 5.4.24.Final
Thank you very much.