CVE-2024-39677 in coreالمعلومات

الملخص

بحسب MITRE • 08/07/2024

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL queries referencing a static field of the application; users of the SqlInsertBuilder and SqlUpdateBuilder utilities, calling their AddColumn overload taking a literal value; and any direct use of the ObjectToSQLString methods for building SQL queries on the user side. This vulnerability is fixed in 5.4.9 and 5.5.2.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

مسؤول

GitHub M

حجز

27/06/2024

إفشاء

08/07/2024

الاعتدال

تمت الموافقة

إدخال

VDB-270471

EPSS

0.00578

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you need the next level of professionalism?

Upgrade your account now!