{"url":"http://public2.vulnerablecode.io/api/packages/45839?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1","type":"maven","namespace":"org.hibernate","name":"hibernate-core","version":"5.5.0.Beta1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.0.Alpha2","latest_non_vulnerable_version":"6.0.0.Alpha2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64981?format=json","vulnerability_id":"VCID-qqu7-yqc6-rqab","summary":"org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4915","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4916","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4917","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4924","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6011","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6012","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6012"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0603.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0603.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0603","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18309","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18543","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18224","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18208","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1817","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18032","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18122","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18223","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18191","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18218","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18387","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18439","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1834","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18284","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18296","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18322","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0603"},{"reference_url":"https://github.com/hibernate/hibernate-orm","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427147","reference_id":"2427147","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427147"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7","reference_id":"cpe:/a:redhat:amq_broker:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ai","reference_id":"cpe:/a:redhat:openshift_ai","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ai"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_devspaces:3","reference_id":"cpe:/a:redhat:openshift_devspaces:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_devspaces:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6","reference_id":"cpe:/a:redhat:optaplanner:::el6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:optaplanner:::el6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6","reference_id":"cpe:/a:redhat:satellite:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-0603","reference_id":"CVE-2026-0603","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:25Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-0603"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0603","reference_id":"CVE-2026-0603","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0603"},{"reference_url":"https://github.com/advisories/GHSA-2p5w-cvg5-gc5c","reference_id":"GHSA-2p5w-cvg5-gc5c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2p5w-cvg5-gc5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068290?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@6.0.0.Alpha2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@6.0.0.Alpha2"}],"aliases":["CVE-2026-0603","GHSA-2p5w-cvg5-gc5c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqu7-yqc6-rqab"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12778?format=json","vulnerability_id":"VCID-qxnf-qs7c-4fby","summary":"SQL Injection in Hibernate ORM\nA flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14900.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14900","reference_id":"","reference_type":"","scores":[{"value":"0.01696","scoring_system":"epss","scoring_elements":"0.82419","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01696","scoring_system":"epss","scoring_elements":"0.82403","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01696","scoring_system":"epss","scoring_elements":"0.82404","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01696","scoring_system":"epss","scoring_elements":"0.82383","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01696","scoring_system":"epss","scoring_elements":"0.82362","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01696","scoring_system":"epss","scoring_elements":"0.8246","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01696","scoring_system":"epss","scoring_elements":"0.82344","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.8281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82915","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82905","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82796","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82805","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82884","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82881","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82844","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82848","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82852","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.8278","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.8283","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14900"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666499","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666499"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/hibernate/hibernate-orm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/3f3c1ab50604ab9ba99e25d2016fb85f3ba9dcd4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/3f3c1ab50604ab9ba99e25d2016fb85f3ba9dcd4"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/646b383f959eff18d58081b1a574f0d777d353da","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/646b383f959eff18d58081b1a574f0d777d353da"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/e0e22ea256c1906235d6a8e90b79c4ce33d0861f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/e0e22ea256c1906235d6a8e90b79c4ce33d0861f"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/eebf01fbf3c2550ee70cdc9c1b02b52e330c8c36","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/eebf01fbf3c2550ee70cdc9c1b02b52e330c8c36"},{"reference_url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0020","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0020"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14900","reference_id":"CVE-2019-14900","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14900"},{"reference_url":"https://github.com/advisories/GHSA-8grg-q944-cch5","reference_id":"GHSA-8grg-q944-cch5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8grg-q944-cch5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3585","reference_id":"RHSA-2020:3585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4252","reference_id":"RHSA-2020:4252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4960","reference_id":"RHSA-2020:4960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4961","reference_id":"RHSA-2020:4961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5568","reference_id":"RHSA-2020:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5568"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45837?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.3.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/222802?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.3.18.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qqu7-yqc6-rqab"},{"vulnerability":"VCID-vdv3-7dwp-suab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.3.18.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/222821?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.4.18.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qqu7-yqc6-rqab"},{"vulnerability":"VCID-vdv3-7dwp-suab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.4.18.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/45838?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.4.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.4.18"},{"url":"http://public2.vulnerablecode.io/api/packages/45839?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qqu7-yqc6-rqab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1"}],"aliases":["CVE-2019-14900","GHSA-8grg-q944-cch5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxnf-qs7c-4fby"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1"}