Vulnerabilities: 1 via 1 paths

Dependencies: 38

Source: GitHub

Commit: 8e0ad4a9


critical severity

SQL Injection

  • Vulnerable module: org.postgresql:postgresql
  • Introduced through: org.postgresql:postgresql@42.5.4

Detailed paths

  • Introduced through: RedisGears/rghibernate@RedisGears/rghibernate#8e0ad4a93bd31d8ec32445c1b22dc273c7fbdaed org.postgresql:postgresql@42.5.4
    Remediation: Upgrade to org.postgresql:postgresql@42.5.5.

Overview

org.postgresql:postgresql is the Java JDBC 4.2 (JRE 8+) driver for the PostgreSQL database.

Affected versions of this package are vulnerable to SQL Injection when using PreferQueryMode=SIMPLE, which is not the default setting. By passing in a numeric value placeholder immediately preceded by a minus and followed by a second placeholder for a string value, on the same line, an attacker can construct a payload that alters the parameterized query into which it is interpolated. This effectively bypasses the protections against SQL Injection that parameterized queries offer.

Remediation

Upgrade org.postgresql:postgresql to version 42.2.28.jre7, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 or higher.

medium severity

LGPL-2.1 license

  • Module: org.hibernate:hibernate-core
  • Introduced through: org.hibernate:hibernate-core@5.6.7.Final

Detailed paths

  • Introduced through: RedisGears/rghibernate@RedisGears/rghibernate#8e0ad4a93bd31d8ec32445c1b22dc273c7fbdaed org.hibernate:hibernate-core@5.6.7.Final

medium severity

LGPL-2.1 license

  • Module: org.hibernate.common:hibernate-commons-annotations
  • Introduced through: org.hibernate:hibernate-core@5.6.7.Final

Detailed paths

  • Introduced through: RedisGears/rghibernate@RedisGears/rghibernate#8e0ad4a93bd31d8ec32445c1b22dc273c7fbdaed org.hibernate:hibernate-core@5.6.7.Final org.hibernate.common:hibernate-commons-annotations@5.1.2.Final

medium severity

LGPL-2.1 license

  • Module: org.mariadb.jdbc:mariadb-java-client
  • Introduced through: org.mariadb.jdbc:mariadb-java-client@2.7.5

Detailed paths

  • Introduced through: RedisGears/rghibernate@RedisGears/rghibernate#8e0ad4a93bd31d8ec32445c1b22dc273c7fbdaed org.mariadb.jdbc:mariadb-java-client@2.7.5