CVE-2019-3802 is a vulnerability in Pivotal Software Spring Data Java Persistence API
Published on June 3, 2019
Additional information exposure with Spring Data JPA example matcher
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
Weakness Type
Improper Neutralization of Wildcards or Matching Symbols
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component. As data is parsed, an injected element may cause the process to take unexpected actions.
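The wildcard behaviour described above, as an added example that is not Spring Data JPA's code: it models a CONTAINING match as a SQL LIKE pattern with the supplied value wrapped in `%`, run against an in-memory SQLite table, first without neutralization and then with the value escaped. The table, the sample rows, the function names and the choice of `\` as escape character are assumptions made for this example.

```python
import sqlite3

ESCAPE = "\\"  # assumed escape character for this example


def escape_like(value: str, esc: str = ESCAPE) -> str:
    """Neutralize LIKE metacharacters so the value only matches literally."""
    # Escape the escape character first, then the two LIKE wildcards.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value


def make_db() -> sqlite3.Connection:
    """Constructed sample data: four rows in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO customer (name) VALUES (?)",
        [("alice",), ("bob",), ("100% cotton",), ("snake_case",)],
    )
    return db


def contains_unescaped(db: sqlite3.Connection, value: str) -> list:
    """Model of the affected behaviour: value wrapped in % as supplied."""
    rows = db.execute(
        "SELECT name FROM customer WHERE name LIKE ? ORDER BY id",
        ("%" + value + "%",),
    )
    return [r[0] for r in rows]


def contains_escaped(db: sqlite3.Connection, value: str) -> list:
    """Hardened form: wildcards in the value are escaped, ESCAPE is declared."""
    rows = db.execute(
        "SELECT name FROM customer WHERE name LIKE ? ESCAPE ? ORDER BY id",
        ("%" + escape_like(value) + "%", ESCAPE),
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    for probe in ("ali", "%", "_"):
        print(repr(probe), contains_unescaped(db, probe), contains_escaped(db, probe))
```

The two functions agree on ordinary values and differ only when the value itself contains `%`, `_` or the escape character, which makes the pair usable as a regression check for any query layer that builds LIKE patterns from caller-supplied strings.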
Products Associated with CVE-2019-3802
Affected Versions
Spring Data JPA:
- Version 2.1 and below 2.1.8.RELEASE is affected.
- Version 1.11 and below 1.11.22.RELEASE is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.