Description

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1666499

https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E

https://security.netapp.com/advisory/ntap-20220210-0020/

Related Vulnerabilities

CVE-2018-18854 Vulnerability in maven package io.spray:spray-json

CVE-2020-17521 Vulnerability in maven package org.codehaus.groovy:groovy

CVE-2021-39132 Vulnerability in maven package org.rundeck:rundeck-core

CVE-2020-15119 Vulnerability in maven package org.webjars.npm:auth0-lock

CVE-2020-26945 Vulnerability in maven package org.mybatis:mybatis

Severity

High

Classification

CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Third Party Advisory