6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-14900

GHSA ID

GHSA-8grg-q944-cch5

EPSS Score

0.7984%

CWE

CWE-89

Published

2/10/2022

Updated

6/27/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-14900

CVE-2019-14900: SQL Injection in Hibernate ORM

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-14900

GHSA ID

GHSA-8grg-q944-cch5

EPSS Score

0.7984%

CWE

CWE-89

Published

2/10/2022

Updated

6/27/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.hibernate:hibernate-core	maven	< 5.3.18	5.3.18
org.hibernate:hibernate-core	maven	>= 5.4.0, < 5.4.18	5.4.18
org.hibernate:hibernate-core	maven	>= 5.5.0.Alpha1, < 5.5.0.Beta1	5.5.0.Beta1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper sanitization in JPA Criteria API literal handling. The commit diff shows critical changes to LiteralExpression.java's renderProjection() method, specifically moving Character handling earlier and using inlineLiteral(literal.toString()) instead of handler.render(literal). This indicates the original implementation lacked proper escaping for Character literals in projection/group by contexts, making it vulnerable to SQL injection when user-controlled literals were used in these clauses.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *l*w w*s *oun* in *i**rn*t* ORM in v*rsions ***or* *.*.**, *.*.** *n* *.*.*.**t**. * SQL inj**tion in t** impl*m*nt*tion o* t** JP* *rit*ri* *PI **n p*rmit uns*nitiz** lit*r*ls w**n * lit*r*l is us** in t** S*L**T or *ROUP *Y p*rts o* t** qu*ry. T*

Reasoning

T** vuln*r**ility st*ms *rom improp*r s*nitiz*tion in JP* *rit*ri* *PI lit*r*l **n*lin*. T** *ommit *i** s*ows *riti**l ***n**s to `Lit*r*l*xpr*ssion.j*v*`'s `r*n**rProj**tion()` m*t*o*, sp**i*i**lly movin* ***r**t*r **n*lin* **rli*r *n* usin* `inlin

6.5

Basic Information

Concerned about an active attack path?

CVE-2019-14900: SQL Injection in Hibernate ORM

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI