Back to search
CVE-2016-6652
Published: Oct 5, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
93276
vdb-entry
x_refsource_BID
https://jira.spring.io/browse/DATAJPA-965
x_refsource_CONFIRM
https://pivotal.io/security/cve-2016-6652
x_refsource_CONFIRM
GLSA-201701-01
vendor-advisory
x_refsource_GENTOO
https://github.com/spring-projects/spring-data-jpa/commit/b8e7fe
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now