krail-jpa ଯେପର୍ଯ୍ୟନ୍ତ 0.9.1 SQL ଇଞ୍ଜେକ୍ସନ

ଏଣ୍ଟ୍ରିଇତିହାସମିଶ୍ରଣ କରନ୍ତୁjsonxmlCTI

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu krail-jpa ଯେପର୍ଯ୍ୟନ୍ତ 0.9.1 keessatti argameera. Kan miidhamte is hojii hin beekamne. Hojii jijjiirraa gara SQL ଇଞ୍ଜେକ୍ସନ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-89 geessa. Dadhabbii kana yeroo 01/14/2023 maxxanfameera akka 18. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2016-15018tti beekama. Konkolaataa naannoo keessa seenuu barbaachisa ta'ee, weerarri kun milkaa'uuf. Faayidaaleen teeknikaa hin jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Beekamtii paachii kanaa c1e848665492e21ef6cc9be443205e36b9a1f6be dha. Sirreeffamni rakkoo github.com irratti buufachuuf qophaa’eera. Qabiyyee miidhamte fooyyessuuf gorsa ni kennama. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 72 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 01/14/2023 06:10 PM	ଅଦ୍ୟତନ 1/2 02/07/2023 02:34 PM	ଅଦ୍ୟତନ 2/2 02/07/2023 02:35 PM
software_name	krail-jpa	krail-jpa	krail-jpa
software_version	<=0.9.1	<=0.9.1	<=0.9.1
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	18	18	18
advisory_url	https://github.com/KrailOrg/krail-jpa/issues/18	https://github.com/KrailOrg/krail-jpa/issues/18	https://github.com/KrailOrg/krail-jpa/issues/18
countermeasure_name	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ
upgrade_version	0.9.2	0.9.2	0.9.2
countermeasure_upgrade_url	https://github.com/KrailOrg/krail-jpa/releases/tag/0.9.2	https://github.com/KrailOrg/krail-jpa/releases/tag/0.9.2	https://github.com/KrailOrg/krail-jpa/releases/tag/0.9.2
patch_name	c1e848665492e21ef6cc9be443205e36b9a1f6be	c1e848665492e21ef6cc9be443205e36b9a1f6be	c1e848665492e21ef6cc9be443205e36b9a1f6be
countermeasure_patch_url	https://github.com/KrailOrg/krail-jpa/commit/c1e848665492e21ef6cc9be443205e36b9a1f6be	https://github.com/KrailOrg/krail-jpa/commit/c1e848665492e21ef6cc9be443205e36b9a1f6be	https://github.com/KrailOrg/krail-jpa/commit/c1e848665492e21ef6cc9be443205e36b9a1f6be
countermeasure_advisoryquote	Pattern and Option DAOs re-written to a common key-value base class. Using composite primary key in place of surrogate key.	Pattern and Option DAOs re-written to a common key-value base class. Using composite primary key in place of surrogate key.	Pattern and Option DAOs re-written to a common key-value base class. Using composite primary key in place of surrogate key.
source_cve	CVE-2016-15018	CVE-2016-15018	CVE-2016-15018
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673650800 (01/14/2023)	1673650800 (01/14/2023)	1673650800 (01/14/2023)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	6.9
cvss3_meta_tempscore	5.3	5.3	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673650800 (01/14/2023)	1673650800 (01/14/2023)
cve_nvd_summary		A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The name of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability.	A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The name of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			5.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you need the next level of professionalism?

Upgrade your account now!