{"url":"http://public2.vulnerablecode.io/api/packages/60547?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1","type":"maven","namespace":"org.hibernate","name":"hibernate-core","version":"5.5.0.Beta1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.3.18","latest_non_vulnerable_version":"5.5.0.Beta1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42345?format=json","vulnerability_id":"VCID-xxh5-tf1w-e3c8","summary":"SQL Injection in Hibernate ORM\nA flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666499","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666499"},{"reference_url":"https://github.com/hibernate/hibernate-orm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hibernate/hibernate-orm"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/3f3c1ab50604ab9ba99e25d2016fb85f3ba9dcd4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hibernate/hibernate-orm/commit/3f3c1ab50604ab9ba99e25d2016fb85f3ba9dcd4"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/646b383f959eff18d58081b1a574f0d777d353da","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hibernate/hibernate-orm/commit/646b383f959eff18d58081b1a574f0d777d353da"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/e0e22ea256c1906235d6a8e90b79c4ce33d0861f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hibernate/hibernate-orm/commit/e0e22ea256c1906235d6a8e90b79c4ce33d0861f"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/eebf01fbf3c2550ee70cdc9c1b02b52e330c8c36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hibernate/hibernate-orm/commit/eebf01fbf3c2550ee70cdc9c1b02b52e330c8c36"},{"reference_url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0020","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220210-0020"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14900","reference_id":"CVE-2019-14900","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14900"},{"reference_url":"https://github.com/advisories/GHSA-8grg-q944-cch5","reference_id":"GHSA-8grg-q944-cch5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8grg-q944-cch5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60545?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.3.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/60546?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.4.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.4.18"},{"url":"http://public2.vulnerablecode.io/api/packages/60547?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1"}],"aliases":["CVE-2019-14900","GHSA-8grg-q944-cch5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxh5-tf1w-e3c8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1"}