spring-data-jpa is vulnerable to information disclosure. Derived queries using any of the predicates startingWith
, endingWith
or containing
could return more results than anticipated when a maliciously crafted query parameter value is supplied. LIKE
expressions in manually defined queries could also return unexpected results if the parameter values bound did not have escaped reserved characters properly.
CPE | Name | Operator | Version |
---|---|---|---|
spring data jpa | le | 1.11.19.RELEASE | |
spring data jpa | le | 2.0.13.RELEASE | |
spring data jpa | le | 2.1.5.RELEASE |