Vulnerability Database
289,598
Total vulnerabilities in the database
CVE-2019-14900
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
| Software | From | Fixed in |
|---|---|---|
| hibernate / hibernate_orm | - | 5.3.18 |
| hibernate / hibernate_orm | 5.4.0 | 5.4.18 |
| redhat / decision_manager | 7.0 | 7.0.x |
| redhat / openstack | 10 | 10.x |
| redhat / jboss_data_grid | 7.0.0 | 7.0.0.x |
| redhat / openstack | 14 | 14.x |
| redhat / openstack | 13 | 13.x |
| redhat / fuse | - | 7.8.0 |
| quarkus / quarkus | - | 1.5.2.x |
| redhat / jboss_enterprise_application_platform | 7.3 | 7.3.x |
| redhat / jboss_enterprise_application_platform | 7.4 | 7.4.x |
| redhat / jboss_enterprise_application_platform | 7.2 | 7.2.x |
org.infinispan / infinispan-hibernate-cache-v53
|
- | 5.3.18 |
|
org.infinispan / infinispan-hibernate-cache-v53
|
5.4.0 | 5.4.18 |
|
org.infinispan / infinispan-hibernate-cache-v53
|
5.5.0.Alpha1 | 5.5.0 |
- https://bugzilla.redhat.com/show_bug.cgi?id=1666499
- https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E
- https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E
- https://security.netapp.com/advisory/ntap-20220210-0020/