Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2016-6652

Published: 05/10/2016 Updated: 01/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.6 | Impact Score: 3.4 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Spring Data Jpa

Vulnerability Summary

SQL injection vulnerability in Pivotal Spring Data JPA prior to 1.9.6 (Gosling SR6) and 1.10.x prior to 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows malicious users to execute arbitrary JPQL commands via a sort instance with a function call.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pivotal software spring data jpa 1.10.2

pivotal software spring data jpa

References

CWE-89https://github.com/spring-projects/spring-data-jpa/commit/b8e7fehttps://pivotal.io/security/cve-2016-6652https://jira.spring.io/browse/DATAJPA-965http://www.securityfocus.com/bid/93276https://security.gentoo.org/glsa/201701-01https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook