CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3802 – Additional information exposure with Spring Data JPA example matcher
https://notcve.org/view.php?id=CVE-2019-3802
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. Esto afecta a Spring Data JPA en versiones hasta 2.1.6, 2.0.14 y 1.11.20 inclusive. ExampleMatcher utilizando ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING o ExampleMatcher.StringMatcher.CONTAINING puede devolver más resultados de los anticipados cuando se proporciona un valor de ejemplo maliciosamente manipulado . • https://pivotal.io/security/cve-2019-3802 https://access.redhat.com/security/cve/CVE-2019-3802 https://bugzilla.redhat.com/show_bug.cgi?id=1730316 • CWE-155: Improper Neutralization of Wildcards or Matching Symbols CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •