Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.data/spring-data-jpa@1.6.5.RELEASE

Type maven

Namespace org.springframework.data

Name spring-data-jpa

Version 1.6.5.RELEASE

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.9.6.RELEASE

Latest_non_vulnerable_version 2.1.8.RELEASE

Affected_by_vulnerabilities

url VCID-ht3j-b1y2-wqey

vulnerability_id VCID-ht3j-b1y2-wqey

summary

Improper Neutralization of Special Elements used in an SQL Command  Pivotal Spring Data JPA
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6652

reference_id

reference_type

scores

value	0.00317
scoring_system	epss
scoring_elements	0.55012
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6652

reference_url

https://github.com/spring-projects/spring-data-jpa/commit/b8e7fe

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-jpa/commit/b8e7fe

reference_url	https://github.com/spring-projects/spring-data-jpa/commit/b8e7fecccc7dc8edcabb4704656a7abe6352c08f
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-data-jpa/commit/b8e7fecccc7dc8edcabb4704656a7abe6352c08f

reference_url

https://jira.spring.io/browse/DATAJPA-965

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/DATAJPA-965

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6652

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6652

reference_url

https://pivotal.io/security/cve-2016-6652

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2016-6652

reference_url

https://security.gentoo.org/glsa/201701-01

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-01

reference_url

http://www.securityfocus.com/bid/93276

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/93276

reference_url	https://github.com/advisories/GHSA-xr4v-28rm-pvgw
reference_id	GHSA-xr4v-28rm-pvgw
reference_type
scores
url	https://github.com/advisories/GHSA-xr4v-28rm-pvgw

fixed_packages

url	pkg:maven/org.springframework.data/spring-data-jpa@1.9.6
purl	pkg:maven/org.springframework.data/spring-data-jpa@1.9.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-jpa@1.9.6

url	pkg:maven/org.springframework.data/spring-data-jpa@1.9.6.RELEASE
purl	pkg:maven/org.springframework.data/spring-data-jpa@1.9.6.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-jpa@1.9.6.RELEASE

url	pkg:maven/org.springframework.data/spring-data-jpa@1.10.4
purl	pkg:maven/org.springframework.data/spring-data-jpa@1.10.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-jpa@1.10.4

url	pkg:maven/org.springframework.data/spring-data-jpa@1.10.4.RELEASE
purl	pkg:maven/org.springframework.data/spring-data-jpa@1.10.4.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-jpa@1.10.4.RELEASE

aliases CVE-2016-6652, GHSA-xr4v-28rm-pvgw

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ht3j-b1y2-wqey

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-jpa@1.6.5.RELEASE

Package Instance