VYPR
Medium severity5.6NVD Advisory· Published Oct 5, 2016· Updated Jun 17, 2026

CVE-2016-6652

CVE-2016-6652

Description

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework.data:spring-data-jpaMaven
< 1.9.61.9.6
org.springframework.data:spring-data-jpaMaven
>= 1.10.0, < 1.10.41.10.4

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.