An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnZ3gtZng2dy12N2No

Improper Neutralization of Wildcards or Matching Symbols

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 4 years ago
Updated: 8 months ago

CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-xggx-fx6w-v7ch, CVE-2019-3802

Affected Packages
Versions: >= 2.0.0, <= 2.0.14, >= 2.1.0, < 2.1.8, < 1.11.22
Fixed in: 2.1.8, 2.1.8, 1.11.22