Search for packages
| purl | pkg:maven/org.springframework.data/spring-data-jpa@1.3.5.RELEASE |
| Next non-vulnerable version | 1.9.6.RELEASE |
| Latest non-vulnerable version | 2.1.8.RELEASE |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-tdbv-p3up-vfgv
Aliases: CVE-2016-6652 GHSA-xr4v-28rm-pvgw |
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T21:54:33.817701+00:00 | GitLab Importer | Affected by | VCID-tdbv-p3up-vfgv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-jpa/CVE-2016-6652.yml | 38.4.0 |
| 2026-04-11T23:09:51.500457+00:00 | GitLab Importer | Affected by | VCID-tdbv-p3up-vfgv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-jpa/CVE-2016-6652.yml | 38.3.0 |
| 2026-04-02T23:18:36.592553+00:00 | GitLab Importer | Affected by | VCID-tdbv-p3up-vfgv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-jpa/CVE-2016-6652.yml | 38.1.0 |
| 2026-04-01T17:38:56.922358+00:00 | GitLab Importer | Affected by | VCID-tdbv-p3up-vfgv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-jpa/CVE-2016-6652.yml | 38.0.0 |