CVE-2024-39677 in coreИнформация

Сводка

по MITRE • 08.07.2024

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL queries referencing a static field of the application; users of the SqlInsertBuilder and SqlUpdateBuilder utilities, calling their AddColumn overload taking a literal value; and any direct use of the ObjectToSQLString methods for building SQL queries on the user side. This vulnerability is fixed in 5.4.9 and 5.5.2.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Ответственный

GitHub M

Резервировать

27.06.2024

Раскрытие

08.07.2024

Модерация

принято

Вход

VDB-270471

EPSS

0.00578

KEV

Нет

Деятельности

Очень низкий

Источники

Do you want to use VulDB in your project?

Use the official API to access entries easily!