CVE-2016-6652

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotal_software:spring_data_jpa:1.10.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_data_jpa:*:*:*:*:*:*:*:*

Information

Published : 2016-10-05 09:59

Updated : 2017-06-30 18:30


NVD link : CVE-2016-6652

Mitre link : CVE-2016-6652


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

pivotal_software

  • spring_data_jpa