Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Vulnerability Description
NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL queries referencing a static field of the application; users of the SqlInsertBuilder and SqlUpdateBuilder utilities, calling their AddColumn overload taking a literal value; and any direct use of the ObjectToSQLString methods for building SQL queries on the user side. This vulnerability is fixed in 5.4.9 and 5.5.2.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
NHibernate 安全漏洞
Vulnerability Description
NHibernate是NHibernate开源的一个成熟的、开源的对象关系映射器。 NHibernate存在安全漏洞。攻击者利用该漏洞可以在用户端直接使用ObjectToSQLString方法构建SQL查询。
CVSS Information
N/A
Vulnerability Type
N/A