CVE-2019-3802
3.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Spring | Spring Data JPA | 2.1 < 2.1.8.RELEASE | affected |
| Spring | Spring Data JPA | 1.11 < 1.11.22.RELEASE | affected |
Weaknesses
- CWE-155: CWE-155: Improper Neutralization of Wildcards or Matching Symbols
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.