Vulnerabilities (CVE)

Filtered by vendor Hibernate Subscribe
Filtered by product Hibernate Orm
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25638 4 Debian, Hibernate, Oracle and 1 more 5 Debian Linux, Hibernate Orm, Communications Cloud Native Core Console and 2 more 2022-07-25 5.8 MEDIUM 7.4 HIGH
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2019-14900 3 Hibernate, Quarkus, Redhat 11 Hibernate Orm, Quarkus, Build Of Quarkus and 8 more 2022-04-29 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.