org.springframework.data:spring-data-jpa

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.springframework.data:spring-data-jpapage 1 of 1

CVE-2016-6652MEDIUMCVSS 5.6EG 5.6✓ Fixed in 1.10.4
2016-10-05
vulnerable: 1.10.0.RELEASE, 1.10.1.RELEASE, 1.10.2.RELEASE, 1.10.3.RELEASE
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbit…
CVE-2019-3797LOWCVSS 3.5✓ Fixed in 2.1.6
2019-05-06
vulnerable: 2.1.0.RELEASE ... 2.1.5.RELEASE (6 versions)
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a …
CVE-2019-3802MEDIUMCVSS 5.3✓ Fixed in 1.11.22
2019-06-03
vulnerable: 1.0.0.RELEASE ... 1.9.6.RELEASE (79 versions)
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return…

Check whether org.springframework.data:spring-data-jpa is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.springframework.data:spring-data-jpa CVEs against the assets you own.

Start Free Scan →