CVE-2019-3802

Summary

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.

Affected Software

VendorProductVersion RangeStatus
SpringSpring Data JPA2.1 < 2.1.8.RELEASEaffected
SpringSpring Data JPA1.11 < 1.11.22.RELEASEaffected

Weaknesses

  • CWE-155: CWE-155: Improper Neutralization of Wildcards or Matching Symbols

ADP Enrichment

CVE Program Container

Additional References

References