Maven package

org.springframework.data/spring-data-jpa

pkg:maven/org.springframework.data/spring-data-jpa

Vulnerabilities (3)

  • CVE-2019-3802 | Jun 3, 2019
    affected >= 2.1.0, < 2.1.8 | fixed 2.1.8

    This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a mal

  • CVE-2019-3797 | May 6, 2019
    affected < 1.11.20 | fixed 1.11.20

    This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied

  • CVE-2016-6652 | Med | Oct 5, 2016
    affected < 1.9.6 | fixed 1.9.6

    SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance wi