Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pivotal Spring Data JPA SQL注入漏洞
Vulnerability Description
Pivotal Software Spring Data JPA是美国Pivotal Software公司的一套用于简化并创建基于JPA的数据访问层开发的应用程序。 Pivotal Spring Data JPA 1.9.6(Gosling SR6)版本和1.10.4之前的1.10.x版本中存在SQL注入漏洞。攻击者可利用该漏洞执行任意JPQL命令。
CVSS Information
N/A
Vulnerability Type
N/A