Description
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
Remediation
References
https://pivotal.io/security/cve-2019-3802
Related Vulnerabilities
CVE-2023-40028 Vulnerability in npm package ghost
CVE-2023-31064 Vulnerability in maven package org.apache.inlong:manager-workflow
CVE-2018-1000113 Vulnerability in maven package org.jenkins-ci.plugins:testlink
CVE-2018-1000106 Vulnerability in maven package org.jenkins-ci.plugins:gerrit-trigger
CVE-2021-41184 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui