Back to bug 1881353
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ted Jongseok Won | 2020-09-22 08:57:38 UTC | CC | security-response-team | |
| Eric Christensen | 2020-09-22 14:40:16 UTC | Summary | EMBARGOED hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used | EMBARGOED CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used |
| | | Alias | CVE-2020-25638 | |
| Doc Text | A flaw was found in Hibernate ORM of all versions before and including 5.4.21.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | A flaw was found in Hibernate ORM in all versions prior to and including 5.4.21.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | ||
| Radovan STANCEL | 2020-09-23 15:56:34 UTC | Doc Type | --- | If docs needed, set a value |
| Eric Christensen | 2020-09-24 13:41:25 UTC | Doc Text | A flaw was found in Hibernate ORM in all versions prior to and including 5.4.21.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | A flaw was found in hibernate-core in versions prior to and including 5.4.21.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. |
| PnT Account Manager | 2020-10-20 21:11:16 UTC | CC | vhalbert | |
| Ted Jongseok Won | 2020-11-05 00:27:17 UTC | Deadline | 2020-11-24 | |
| Ted Jongseok Won | 2020-11-12 23:37:37 UTC | Doc Text | A flaw was found in hibernate-core in versions prior to and including 5.4.21.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. |
| Ted Jongseok Won | 2020-11-13 04:03:44 UTC | Group | security, qe_staff | |
| | | CC | hbraun, probinso, vhalbert | |
| | | Deadline | 2020-11-24 | |
| | | Summary | EMBARGOED CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used | CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used |
| Ted Jongseok Won | 2020-11-13 04:07:05 UTC | Comment | 0 | updated |
| errata-xmlrpc | 2020-11-23 13:27:43 UTC | Link ID | Red Hat Product Errata RHSA-2020:5174 | |
| errata-xmlrpc | 2020-11-23 13:34:17 UTC | Link ID | Red Hat Product Errata RHSA-2020:5175 | |
| Product Security DevOps Team | 2020-11-23 17:34:00 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2020-11-23 17:34:00 UTC | |
| Chess Hazlett | 2020-11-30 16:40:17 UTC | Comment 28 is private | 1 | 0 |
| errata-xmlrpc | 2020-11-30 17:29:25 UTC | Link ID | Red Hat Product Errata RHSA-2020:5254 | |
| errata-xmlrpc | 2020-12-01 11:45:54 UTC | Link ID | Red Hat Product Errata RHSA-2020:5302 | |
| Ted Jongseok Won | 2020-12-02 05:31:03 UTC | Fixed In Version | Hibernate ORM 5.4.24.Final | |
| errata-xmlrpc | 2020-12-03 19:13:28 UTC | Link ID | Red Hat Product Errata RHSA-2020:5344 | |
| errata-xmlrpc | 2020-12-03 19:14:31 UTC | Link ID | Red Hat Product Errata RHSA-2020:5340 | |
| errata-xmlrpc | 2020-12-03 19:17:20 UTC | Link ID | Red Hat Product Errata RHSA-2020:5341 | |
| errata-xmlrpc | 2020-12-03 19:20:06 UTC | Link ID | Red Hat Product Errata RHSA-2020:5342 | |
| errata-xmlrpc | 2020-12-15 17:14:33 UTC | Link ID | Red Hat Product Errata RHSA-2020:5533 | |
| errata-xmlrpc | 2020-12-16 07:20:48 UTC | Link ID | Red Hat Product Errata RHSA-2020:5361 | |
| errata-xmlrpc | 2021-01-07 11:49:33 UTC | Link ID | Red Hat Product Errata RHSA-2020:5388 | |
| Paramvir jindal | 2021-01-08 08:52:30 UTC | See Also | https://issues.redhat.com/browse/ENTESB-14786, https://issues.redhat.com/browse/ENTESB-14787, https://issues.redhat.com/browse/ENTSBT-815, https://issues.redhat.com/browse/ENTSWM-914, https://issues.redhat.com/browse/IPT-181, https://issues.redhat.com/browse/JBDS-4881, https://issues.redhat.com/browse/JBEAP-20227, https://issues.redhat.com/browse/JBEAP-20228, https://issues.redhat.com/browse/JBEAP-20229, https://issues.redhat.com/browse/JBEAP-20230, https://issues.redhat.com/browse/JWS-1846, https://issues.redhat.com/browse/KEYCLOAK-15646, https://issues.redhat.com/browse/QUARKUS-427, https://issues.redhat.com/browse/RHDM-1452, https://issues.redhat.com/browse/RHPAM-3199 | |
| Paramvir jindal | 2021-01-08 08:59:38 UTC | See Also | https://issues.redhat.com/browse/RHDM-1559, https://issues.redhat.com/browse/RHPAM-3381 | |
| Paramvir jindal | 2021-01-20 06:06:56 UTC | See Also | https://issues.redhat.com/browse/ENTSBT-914 | |
| errata-xmlrpc | 2021-02-02 10:26:00 UTC | Link ID | Red Hat Product Errata RHSA-2021:0292 | |
| errata-xmlrpc | 2021-02-17 12:08:20 UTC | Link ID | Red Hat Product Errata RHSA-2021:0600 | |
| errata-xmlrpc | 2021-02-17 13:40:19 UTC | Link ID | Red Hat Product Errata RHSA-2021:0603 | |
| errata-xmlrpc | 2021-06-29 08:40:18 UTC | Link ID | Red Hat Product Errata RHSA-2021:2562 | |
| errata-xmlrpc | 2021-06-29 08:52:12 UTC | Link ID | Red Hat Product Errata RHSA-2021:2561 | |
| errata-xmlrpc | 2021-08-11 18:26:25 UTC | Link ID | Red Hat Product Errata RHSA-2021:3140 | |