Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnZ3gtZng2dy12N2No
Improper Neutralization of Wildcards or Matching Symbols
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
Permalink: https://github.com/advisories/GHSA-xggx-fx6w-v7ch
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnZ3gtZng2dy12N2No
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 4 years ago
Updated: 8 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-xggx-fx6w-v7ch, CVE-2019-3802
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-3802
- https://pivotal.io/security/cve-2019-3802
- https://github.com/advisories/GHSA-xggx-fx6w-v7ch
Affected Packages
maven:org.springframework.data:spring-data-jpa
Versions: >= 2.0.0, <= 2.0.14, >= 2.1.0, < 2.1.8, < 1.11.22
Fixed in: 2.1.8, 2.1.8, 1.11.22