VDB

DEBIAN-CVE-2020-25638

DEBIAN-CVE-2020-25638 PUBLISHED CVSS 7.4 HIGH

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Risk Scores

CVSS v3.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor      Product               Versions
Debian:13   libhibernate3-java    0, 0, 0
Debian:12   libhibernate3-java    0, 0, 0
Debian:14   libhibernate3-java    0, 0, 0
Debian:11   libhibernate3-java    0, 0, 0

Timeline

  • Dec 2, 2020 CVE Published
  • Apr 28, 2026 CVE Updated