Vulnerabilities > CVE-2019-3802 - Unspecified vulnerability in Pivotal Software Spring Data Java Persistance API

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

pivotal-software

NVD

Published: 2019-06-03

Updated: 2021-10-29

Summary

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal_Software Pivotal Software Spring Data Java Persistance API 1.11.0 Pivotal Software Spring Data Java Persistance API 1.11.1 Pivotal Software Spring Data Java Persistance API 1.11.2 Pivotal Software Spring Data Java Persistance API 1.11.3 Pivotal Software Spring Data Java Persistance API 1.11.4 Pivotal Software Spring Data Java Persistance API 1.11.5 Pivotal Software Spring Data Java Persistance API 1.11.6 Pivotal Software Spring Data Java Persistance API 1.11.7 Pivotal Software Spring Data Java Persistance API 1.11.8 Pivotal Software Spring Data Java Persistance API 1.11.9 Pivotal Software Spring Data Java Persistance API 1.11.10 Pivotal Software Spring Data Java Persistance API 1.11.11 Pivotal Software Spring Data Java Persistance API 1.11.12 Pivotal Software Spring Data Java Persistance API 1.11.13 Pivotal Software Spring Data Java Persistance API 1.11.14 Pivotal Software Spring Data Java Persistance API 1.11.15 Pivotal Software Spring Data Java Persistance API 1.11.16 Pivotal Software Spring Data Java Persistance API 1.11.17 Pivotal Software Spring Data Java Persistance API 1.11.18 Pivotal Software Spring Data Java Persistance API 1.11.19 Pivotal Software Spring Data Java Persistance API 1.11.20 Pivotal Software Spring Data Java Persistance API 1.11.21 Pivotal Software Spring Data Java Persistance API 2.0.0 Pivotal Software Spring Data Java Persistance API 2.0.1 Pivotal Software Spring Data Java Persistance API 2.0.2 Pivotal Software Spring Data Java Persistance API 2.0.3 Pivotal Software Spring Data Java Persistance API 2.0.4 Pivotal Software Spring Data Java Persistance API 2.0.5 Pivotal Software Spring Data Java Persistance API 2.0.6 Pivotal Software Spring Data Java Persistance API 2.0.7 Pivotal Software Spring Data Java Persistance API 2.0.8 Pivotal Software Spring Data Java Persistance API 2.0.9 Pivotal Software Spring Data Java Persistance API 2.0.10 Pivotal Software Spring Data Java Persistance API 2.0.11 Pivotal Software Spring Data Java Persistance API 2.0.12 Pivotal Software Spring Data Java Persistance API 2.0.13 Pivotal Software Spring Data Java Persistance API 2.0.14 Pivotal Software Spring Data Java Persistance API 2.1.0 Pivotal Software Spring Data Java Persistance API 2.1.1 Pivotal Software Spring Data Java Persistance API 2.1.2 Pivotal Software Spring Data Java Persistance API 2.1.3 Pivotal Software Spring Data Java Persistance API 2.1.4 Pivotal Software Spring Data Java Persistance API 2.1.5 Pivotal Software Spring Data Java Persistance API 2.1.6 Pivotal Software Spring Data Java Persistance API 2.1.7	59

References

https://pivotal.io/security/cve-2019-3802