Spring Data JPA Information Disclosure Vulnerability
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
The information has been provided by Thaveethu Vignesh.
The original article can be found at: https://pivotal.io/security/cve-2019-3802
Spring Data JPA is prone to an information disclosure vulnerability. This allows local or remote attackers to gain privileges via a malicious program in the affected application.
- Spring Data JPA 2.1.6
- Spring Data JPA 2.0.14
- Spring Data JPA 1.11.20
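
An illustration of the STARTING-matcher behaviour described above, added here and not taken from the advisory or from Spring Data JPA's own code. It assumes the extra results arise because LIKE wildcards (`%`, `_`) in the example value reach the generated LIKE pattern unescaped; the `likeToRegex` model, the `escapeLike` helper, the `\` escape character and the sample rows are all constructed for this example.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class LikeEscapeDemo {
    static final char ESC = '\\'; // assumed escape character for this example

    // Model of SQL LIKE: % = any run of characters, _ = exactly one character.
    // When useEscape is true, ESC makes the following character literal.
    static Pattern likeToRegex(String like, boolean useEscape) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < like.length(); i++) {
            char c = like.charAt(i);
            if (useEscape && c == ESC && i + 1 < like.length()) {
                re.append(Pattern.quote(String.valueOf(like.charAt(++i))));
            } else if (c == '%') {
                re.append(".*");
            } else if (c == '_') {
                re.append('.');
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString(), Pattern.DOTALL);
    }

    // Hardened form: neutralise LIKE metacharacters in the caller-supplied value.
    static String escapeLike(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (c == '%' || c == '_' || c == ESC) out.append(ESC);
            out.append(c);
        }
        return out.toString();
    }

    // STARTING-style match: the matcher appends a trailing % to the supplied value.
    static List<String> startingWith(List<String> rows, String value, boolean escape) {
        Pattern p = likeToRegex((escape ? escapeLike(value) : value) + "%", escape);
        return rows.stream().filter(r -> p.matcher(r).matches()).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        List<String> rows = List.of("alice", "alan", "bob", "100%_done"); // constructed sample rows
        for (String value : List.of("al", "%", "100%")) {                 // constructed example values
            System.out.println(value + " raw=" + startingWith(rows, value, false)
                    + " escaped=" + startingWith(rows, value, true));
        }
    }
}
```

Escaping is only effective when the generated query declares the same escape character; where that cannot be guaranteed, rejecting example values that contain `%` or `_` is the conservative check.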