Sort instances handed into user-defined Spring Data repository query methods that use manually declared JPQL queries are passed to the persistence provider as is. This allows attackers to inject arbitrary JPQL into the ORDER BY clause, which they can use to draw conclusions about non-exposed fields: the order of the query result's elements changes depending on the injected JPQL, so a field that is never returned can still be inferred through sorting.

This especially comes into play if the Sort instances are created from untrusted sources, e.g. web request parameters.
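The following is an added example, not code from the advisory or from Spring Data itself. It shows a repository method with a manually declared JPQL query that takes a caller-supplied Sort, next to a controller that builds that Sort from request parameters once unsafely and once behind an allow-list. The entity and class names (User, UserRepository, UserController), the request parameter names, the allow-listed properties and the use of the Spring Data 2.x / Spring 5 API are assumptions for illustration.

```java
// Added example (not from the advisory or the Spring Data project).
// Assumes Spring Data JPA 2.x and Spring Web 5.x; User is a JPA entity with
// fields username, createdAt, active and a non-exposed passwordHash.
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import org.springframework.data.domain.Sort;
import org.springframework.data.domain.Sort.Direction;
import org.springframework.data.domain.Sort.Order;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

interface UserRepository extends JpaRepository<User, Long> {

    // Manually declared JPQL: Spring Data appends "order by <property> <dir>"
    // for every Order in the Sort, so the property string ends up in the
    // query text and must be trusted.
    @Query("select u from User u where u.active = true")
    List<User> findActiveUsers(Sort sort);
}

@RestController
class UserController {

    // Allow-list (assumed): only properties that are already exposed in the
    // response may be sorted on, so ordering cannot leak anything new.
    private static final Set<String> SORTABLE = Set.of("username", "createdAt");

    private final UserRepository users;

    UserController(UserRepository users) {
        this.users = users;
    }

    // Unsafe: the raw request parameter becomes the ORDER BY expression.
    // ?sort=passwordHash orders the public listing by a column the API never
    // returns, and the resulting element order reveals how those hidden
    // values compare across users; anything JPQL accepts in ORDER BY works.
    @GetMapping("/users/unsafe")
    List<User> unsafe(@RequestParam("sort") String sort,
                      @RequestParam(value = "dir", defaultValue = "asc") String dir) {
        return users.findActiveUsers(Sort.by(Direction.fromString(dir), sort));
    }

    // Hardened: every requested Order is checked against the allow-list
    // before the Sort reaches the persistence provider.
    @GetMapping("/users")
    List<User> safe(@RequestParam("sort") List<String> sort,
                    @RequestParam(value = "dir", defaultValue = "asc") String dir) {
        return users.findActiveUsers(safeSort(sort, dir));
    }

    static Sort safeSort(List<String> requested, String dir) {
        Direction direction;
        try {
            // Direction.fromString only accepts ASC/DESC (case-insensitive).
            direction = Direction.fromString(dir);
        } catch (IllegalArgumentException e) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "bad sort direction");
        }
        List<Order> orders = new ArrayList<>();
        for (String property : requested) {
            if (!SORTABLE.contains(property)) {
                throw new ResponseStatusException(HttpStatus.BAD_REQUEST,
                        "unsortable property: " + property);
            }
            orders.add(new Order(direction, property));
        }
        return orders.isEmpty() ? Sort.unsorted() : Sort.by(orders);
    }
}
```

The allow-list, not escaping, is the control that matters here: a Sort property is spliced into the query text as an identifier or expression, so the only safe values are the exact property names the endpoint is meant to expose. The same check applies to sort parameters that arrive through Pageable, since the embedded Sort reaches the query the same way.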
Users of affected versions should apply the following mitigation:
The vulnerability was reported responsibly by Niklas Särökaari from Silverskin Information Security and Joona Immonen, Arto Santala, Antti Virtanen, Michael Holopainen and Antti Ahola from Solita.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy