CVE-2016-6652 - OpenCVE

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pivotal Software	Spring Data Jpa

Configuration 1 [-]

OR	cpe:2.3:a:pivotal_software:spring_data_jpa::::::::
	cpe:2.3:a:pivotal_software:spring_data_jpa:1.10.2:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/93276
https://github.com/spring-projects/spring-data-jpa/commit/b8e7fe
https://jira.spring.io/browse/DATAJPA-965
https://pivotal.io/security/cve-2016-6652
https://security.gentoo.org/glsa/201701-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2016-10-05T16:00:00

Updated: 2024-08-06T01:36:29.349Z

Reserved: 2016-08-10T00:00:00

Link: CVE-2016-6652

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-10-05T16:59:04.757

Modified: 2017-07-01T01:30:02.877

Link: CVE-2016-6652

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-30T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "93276", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93276"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.spring.io/browse/DATAJPA-965"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2016-6652"}, {"name": "GLSA-201701-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/spring-projects/spring-data-jpa/commit/b8e7fe"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-6652", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93276", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93276"}, {"name": "https://jira.spring.io/browse/DATAJPA-965", "refsource": "CONFIRM", "url": "https://jira.spring.io/browse/DATAJPA-965"}, {"name": "https://pivotal.io/security/cve-2016-6652", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2016-6652"}, {"name": "GLSA-201701-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-01"}, {"name": "https://github.com/spring-projects/spring-data-jpa/commit/b8e7fe", "refsource": "CONFIRM", "url": "https://github.com/spring-projects/spring-data-jpa/commit/b8e7fe"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:36:29.349Z"}, "title": "CVE Program Container", "references": [{"name": "93276", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93276"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jira.spring.io/browse/DATAJPA-965"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2016-6652"}, {"name": "GLSA-201701-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/spring-projects/spring-data-jpa/commit/b8e7fe"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-6652", "datePublished": "2016-10-05T16:00:00", "dateReserved": "2016-08-10T00:00:00", "dateUpdated": "2024-08-06T01:36:29.349Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_data_jpa:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9D14B1D-9109-44A3-857D-DC0B5D231EB2", "versionEndIncluding": "1.9.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_data_jpa:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "6731D068-C551-4607-A722-E2AD21268531", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Pivotal Spring Data JPA en versiones anteriores a 1.9.6 (Gosling SR6) y 1.10.x en versiones anteriores a 1.10.4 (Hopper SR4), cuando se utiliza con un repositorio que define una consulta String usando la anotaci\u00f3n @Query, permite a atacantes ejecutar comandos JPQL arbitrarios a trav\u00e9s de una instancia de clase con una llamada a la funci\u00f3n."}], "id": "CVE-2016-6652", "lastModified": "2017-07-01T01:30:02.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-05T16:59:04.757", "references": [{"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/bid/93276"}, {"source": "security_alert@emc.com", "tags": ["Patch"], "url": "https://github.com/spring-projects/spring-data-jpa/commit/b8e7fe"}, {"source": "security_alert@emc.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://jira.spring.io/browse/DATAJPA-965"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2016-6652"}, {"source": "security_alert@emc.com", "url": "https://security.gentoo.org/glsa/201701-01"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}