org.springframework.data:spring-data-jpa 1.0.0.RELEASE vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.springframework.data:spring-data-jpa package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Information Exposure org.springframework.data:spring-data-jpa is a package that is used to implement JPA based repositories. Affected versions of this package are vulnerable to Information Exposure. Using `ExampleMatcher.StringMatcher.STARTING`, `ExampleMatcher.StringMatcher.ENDING` or `ExampleMatcher.StringMatcher.CONTAINING` could return more results than anticipated when a maliciously crafted example value is supplied. How to fix Information Exposure? Upgrade `org.springframework.data:spring-data-jpa` to version 1.11.22.RELEASE, 2.1.8.RELEASE or higher.	[,1.11.22.RELEASE)[2.0.0.RELEASE,2.1.8.RELEASE)
L Information Exposure org.springframework.data:spring-data-jpa is a package that is used to implement JPA based repositories. Affected versions of this package are vulnerable to Information Exposure due to the usage of certain derived queries. A maliciously crafted query parameter value supplied with queries using `startingWith`, `endingWith`, `containing` or LIKE expressions could return more results than anticipated, resulting in information exposure. How to fix Information Exposure? Upgrade `org.springframework.data:spring-data-jpa` to version 2.0.14.RELEASE, 2.1.6.RELEASE, 1.11.20.RELEASE or higher.	[2.0.0.RELEASE,2.0.14.RELEASE)[2.1.0.RELEASE,2.1.6.RELEASE)[,1.11.20.RELEASE)
M SQL Injection org.springframework.data:spring-data-jpa is a package that is used to implement JPA based repositories. Affected versions of this package are vulnerable to SQL Injection. Attackers to execute arbitrary JPQL commands via a sort instance with a function call, when used with a repository that defines a String query using the @Query annotation. How to fix SQL Injection? Upgrade `org.springframework.data:spring-data-jpa` to version 1.9.6.RELEASE, 1.10.4.RELEASE or higher.	[,1.9.6.RELEASE)[1.10.0.RELEASE,1.10.4.RELEASE)

Vulnerability

Vulnerable Version

Information Exposure

org.springframework.data:spring-data-jpa is a package that is used to implement JPA based repositories.

Affected versions of this package are vulnerable to Information Exposure. Using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.

How to fix Information Exposure?

Upgrade org.springframework.data:spring-data-jpa to version 1.11.22.RELEASE, 2.1.8.RELEASE or higher.

[,1.11.22.RELEASE)[2.0.0.RELEASE,2.1.8.RELEASE)

Information Exposure

org.springframework.data:spring-data-jpa is a package that is used to implement JPA based repositories.

Affected versions of this package are vulnerable to Information Exposure due to the usage of certain derived queries. A maliciously crafted query parameter value supplied with queries using startingWith, endingWith, containing or LIKE expressions could return more results than anticipated, resulting in information exposure.

How to fix Information Exposure?

Upgrade org.springframework.data:spring-data-jpa to version 2.0.14.RELEASE, 2.1.6.RELEASE, 1.11.20.RELEASE or higher.

[2.0.0.RELEASE,2.0.14.RELEASE)[2.1.0.RELEASE,2.1.6.RELEASE)[,1.11.20.RELEASE)

SQL Injection

org.springframework.data:spring-data-jpa is a package that is used to implement JPA based repositories.

Affected versions of this package are vulnerable to SQL Injection. Attackers to execute arbitrary JPQL commands via a sort instance with a function call, when used with a repository that defines a String query using the @Query annotation.

How to fix SQL Injection?

Upgrade org.springframework.data:spring-data-jpa to version 1.9.6.RELEASE, 1.10.4.RELEASE or higher.

[,1.9.6.RELEASE)[1.10.0.RELEASE,1.10.4.RELEASE)

org.springframework.data:spring-data-jpa@1.0.0.RELEASE vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?