A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-12-02T14:36:24

Updated: 2024-08-04T15:40:35.438Z

Reserved: 2020-09-16T00:00:00

Link: CVE-2020-25638

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-02T15:15:12.377

Modified: 2024-11-21T05:18:18.350

Link: CVE-2020-25638

cve-icon Redhat

Severity : Important

Publid Date: 2020-10-01T00:00:00Z

Links: CVE-2020-25638 - Bugzilla