A flaw was found in Hibernate ORM in versions prior to 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow a malicious user to access unauthorized information or possibly conduct further attacks.

| Vulnerable Product |
|---|
| hibernate hibernate orm |
| redhat decision manager 7.0 |
| redhat openstack 10 |
| redhat single sign-on - |
| redhat jboss data grid 7.0.0 |
| redhat jboss middleware text-only advisories - |
| redhat openstack 14 |
| redhat openstack 13 |
| redhat jboss enterprise application platform - |
| redhat build of quarkus - |
| redhat fuse |
| quarkus quarkus |
| redhat jboss_enterprise_application_platform 7.3 |
| redhat jboss_enterprise_application_platform 7.4 |
| redhat jboss_enterprise_application_platform 7.2 |