Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2016-15018: Fix #18 SQLInjection vulnerability cleared · KrailOrg/krail-jpa@c1e8486

A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The name of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability.

CVE
Open in Source
#sql#vulnerability#google#apache#java

@@ -0,0 +1,57 @@

/*

*

* * Copyright © 2016. David Sowerby

* *

* * Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with

* * the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

* *

* * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on

* * an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the

* * specific language governing permissions and limitations under the License.

*

*/

package uk.q3c.krail.jpa.i18n;

import com.google.inject.Inject;

import org.apache.onami.persist.EntityManagerProvider;

import org.apache.onami.persist.PersistenceUnitModule;

import uk.q3c.krail.i18n.PatternCacheKey;

import uk.q3c.krail.jpa.persist.BaseJpaKeyValueDao;

import javax.annotation.Nonnull;

import java.util.Optional;

/**

* The default implementation of {@link JpaPatternDao}. The {@code entityManagerProvider} and {@code dao} are bound by {@link PersistenceUnitModule} to the

* annotation which is used in the injection of this class. (For example, if an instance of this class is annotated with @Jpa1, then the constructor parameters

* will also be bound with @Jpa1)

* <p>

* Created by David Sowerby on 15/04/15.

*/

public class DefaultJpaPatternDao extends BaseJpaKeyValueDao<PatternId, PatternCacheKey, JpaPatternEntity> implements JpaPatternDao {

@Inject

protected DefaultJpaPatternDao(EntityManagerProvider entityManagerProvider) {

super(entityManagerProvider, JpaPatternEntity.class);

}

@Override

protected JpaPatternEntity newEntity(PatternCacheKey cacheKey, String value) {

return new JpaPatternEntity(cacheKey, value);

}

@Override

protected PatternId newId(PatternCacheKey cacheKey) {

return new PatternId(cacheKey);

}

@Nonnull

@Override

public Optional<String> getValue(@Nonnull PatternCacheKey cacheKey) {

return getValueAsString(cacheKey);

}

}

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE