All the vulnerabilites related to Spring - Spring Data JPA
cve-2019-3802
Vulnerability from cvelistv5
Published
2019-06-03 13:47
Modified
2024-09-17 00:22
Severity ?
EPSS score ?
Summary
Additional information exposure with Spring Data JPA example matcher
References
▼ | URL | Tags |
---|---|---|
https://pivotal.io/security/cve-2019-3802 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Spring | Spring Data JPA |
Version: 2.1 < 2.1.8.RELEASE Version: 1.11 < 1.11.22.RELEASE |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://pivotal.io/security/cve-2019-3802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Spring Data JPA", "vendor": "Spring", "versions": [ { "lessThan": "2.1.8.RELEASE", "status": "affected", "version": "2.1", "versionType": "custom" }, { "lessThan": "1.11.22.RELEASE", "status": "affected", "version": "1.11", "versionType": "custom" } ] } ], "datePublic": "2019-05-13T00:00:00", "descriptions": [ { "lang": "en", "value": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-155", "description": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-03T13:47:42", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://pivotal.io/security/cve-2019-3802" } ], "source": { "discovery": "UNKNOWN" }, "title": "Additional information exposure with Spring Data JPA example matcher", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2019-05-13T00:00:00.000Z", "ID": "CVE-2019-3802", "STATE": "PUBLIC", "TITLE": "Additional information exposure with Spring Data JPA example matcher" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Spring Data JPA", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_name": "2.1", "version_value": "2.1.8.RELEASE" }, { "affected": "\u003c", "version_affected": "\u003c", "version_name": "1.11", "version_value": "1.11.22.RELEASE" } ] } } ] }, "vendor_name": "Spring" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols" } ] } ] }, "references": { "reference_data": [ { "name": "https://pivotal.io/security/cve-2019-3802", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2019-3802" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2019-3802", "datePublished": "2019-06-03T13:47:42.791121Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T00:22:02.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }