Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.hibernate/hibernate-core@4.1.11.Final

Type maven

Namespace org.hibernate

Name hibernate-core

Version 4.1.11.Final

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.3.18

Latest_non_vulnerable_version 5.5.0.Beta1

Affected_by_vulnerabilities

url VCID-pxfj-dhfr-akhm

vulnerability_id VCID-pxfj-dhfr-akhm

summary

SQL Injection
A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25638.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25638.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25638

reference_id

reference_type

scores

value	0.00676
scoring_system	epss
scoring_elements	0.71878
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25638

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1881353

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1881353

reference_url

https://github.com/hibernate/hibernate-orm

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-orm

reference_url

https://github.com/hibernate/hibernate-orm/commit/36ebf7d3836e83e99f2a91777b5389e1daf1f2b7

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-orm/commit/36ebf7d3836e83e99f2a91777b5389e1daf1f2b7

reference_url

https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78

reference_url

https://github.com/hibernate/hibernate-orm/commit/d22bbb5c339c9df7712c3365bb1df97c91b35ec5

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-orm/commit/d22bbb5c339c9df7712c3365bb1df97c91b35ec5

reference_url

https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html

reference_url

https://www.debian.org/security/2021/dsa-4908

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4908

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25638

reference_id

CVE-2020-25638

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25638

reference_url	https://access.redhat.com/errata/RHSA-2020:5174
reference_id	RHSA-2020:5174
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5174

reference_url	https://access.redhat.com/errata/RHSA-2020:5175
reference_id	RHSA-2020:5175
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5175

reference_url	https://access.redhat.com/errata/RHSA-2020:5254
reference_id	RHSA-2020:5254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5254

reference_url	https://access.redhat.com/errata/RHSA-2020:5302
reference_id	RHSA-2020:5302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5302

reference_url	https://access.redhat.com/errata/RHSA-2020:5340
reference_id	RHSA-2020:5340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5340

reference_url	https://access.redhat.com/errata/RHSA-2020:5341
reference_id	RHSA-2020:5341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5341

reference_url	https://access.redhat.com/errata/RHSA-2020:5342
reference_id	RHSA-2020:5342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5342

reference_url	https://access.redhat.com/errata/RHSA-2020:5344
reference_id	RHSA-2020:5344
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5344

reference_url	https://access.redhat.com/errata/RHSA-2020:5361
reference_id	RHSA-2020:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5361

reference_url	https://access.redhat.com/errata/RHSA-2020:5388
reference_id	RHSA-2020:5388
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5388

reference_url	https://access.redhat.com/errata/RHSA-2020:5533
reference_id	RHSA-2020:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5533

reference_url	https://access.redhat.com/errata/RHSA-2021:0292
reference_id	RHSA-2021:0292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0292

reference_url	https://access.redhat.com/errata/RHSA-2021:0600
reference_id	RHSA-2021:0600
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0600

reference_url	https://access.redhat.com/errata/RHSA-2021:0603
reference_id	RHSA-2021:0603
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0603

reference_url	https://access.redhat.com/errata/RHSA-2021:2039
reference_id	RHSA-2021:2039
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2039

reference_url	https://access.redhat.com/errata/RHSA-2021:2561
reference_id	RHSA-2021:2561
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2561

reference_url	https://access.redhat.com/errata/RHSA-2021:2562
reference_id	RHSA-2021:2562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2562

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

fixed_packages

url	pkg:maven/org.hibernate/hibernate-core@5.3.20.Final
purl	pkg:maven/org.hibernate/hibernate-core@5.3.20.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.3.20.Final

url	pkg:maven/org.hibernate/hibernate-core@5.4.24.Final
purl	pkg:maven/org.hibernate/hibernate-core@5.4.24.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.4.24.Final

aliases CVE-2020-25638, GHSA-j8jw-g6fq-mp7h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pxfj-dhfr-akhm

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@4.1.11.Final

Package Instance