teerth04 / ticket


Findings for SCA, High, [TheRedHatter/javagoof:todolist-core/pom.xml]:SQL Injection #1773

Open armorcodegithubpreprod[bot] opened 5 months ago

armorcodegithubpreprod[bot] commented 5 months ago

Findings for SCA, High, [TheRedHatter/javagoof:todolist-core/pom.xml]:SQL Injection

Component Details

Affected versions of this package are vulnerable to SQL Injection. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

References

Snyk Project Status: Active



Component Details

Affected versions of this package are vulnerable to SQL Injection. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

References

Snyk Project Status: Active



armorcodegithubpreprod[bot] commented 5 months ago

Finding [47833549|https://preprod.armorcode.ai/#/findings/257/1167/47833549], [47833548|https://preprod.armorcode.ai/#/findings/257/1167/47833548] are Mitigated
by SYSTEM via ArmorCode Platform

armorcodegithubpreprod[bot] commented 5 months ago

Finding [47833548|https://preprod.armorcode.ai/#/findings/257/1167/47833548], [47833549|https://preprod.armorcode.ai/#/findings/257/1167/47833549] status changed to Confirmed Note:
by SYSTEM via ArmorCode Platform