VDB
CVE-2019-3802
CVE-2019-3802
PUBLISHED
CVSS 3.5 LOW
Reported by dell · Published June 3, 2019
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
Risk Scores
CVSS 3.0
3.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spring | Spring Data JPA | 2.1, 1.11 |
| Maven | org.springframework.data:spring-data-jpa | 1.11.0, 1.11.0 |
| Spring | Spring Data JPA | 2.1, 1.11, 2.1 |
Timeline
- Jun 3, 2019 CVE Published
- Oct 9, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-3802 advisory