Homepage

org.hibernate:hibernate-core@5.3.37.Final vulnerabilities

  • latest version

    6.6.13.Final

  • latest non vulnerable version

    7.0.0.Beta5

  • first published

    16 years ago

  • latest version published

    4 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.hibernate:hibernate-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    SQL Injection

    org.hibernate:hibernate-core is a library providing Object/Relational Mapping (ORM) support to applications, libraries, and frameworks.

    Affected versions of this package are vulnerable to SQL Injection. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

    How to fix SQL Injection?

    Upgrade org.hibernate:hibernate-core to version 5.4.24.Final or higher.

    [,5.4.24.Final)
    Go back to all versions of this package