CVE-2019-3802
Additional information exposure with Spring Data JPA example matcher
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Produtos afetados
Spring · Spring Data JPAQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://pivotal.io/security/cve-2019-3802