Sort instances handed into user-defined Spring Data repository query methods that use manually declared JPQL queries are passed to the persistence provider as is. This allows attackers to inject arbitrary JPQL into the ORDER BY clause, which they can use to draw conclusions about non-exposed fields: the order of the query result's elements changes depending on the injected JPQL, so an attacker can infer properties of fields the query never returns.
This is especially relevant when the Sort instances are created from untrusted sources, e.g. web request parameters.
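The following is an added example, not code from the advisory or from the Spring Data project, illustrating the vulnerable pattern described above next to a hardened form. The `User` entity, its field names, the `UserRepository` interface and the attacker-supplied sort string are assumptions made for this example; `Sort`, `Sort.Order`, `Sort.Direction.fromString` and `@Query` are the standard Spring Data APIs.

```java
import java.util.List;
import java.util.Set;

import javax.persistence.Entity;
import javax.persistence.Id;

import org.springframework.data.domain.Sort;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;

// Assumed entity for this example. passwordHash is never exposed by the endpoint,
// but on affected versions it can still be reached through an injected ORDER BY.
@Entity
class User {
    @Id Long id;
    String username;
    String email;
    String passwordHash;
    boolean active;
}

// Vulnerable pattern (as described in the advisory): a manually declared JPQL
// query combined with a Sort parameter. On affected versions the property
// strings inside the Sort are appended to the generated ORDER BY clause as is.
interface UserRepository extends JpaRepository<User, Long> {
    @Query("select u from User u where u.active = true")
    List<User> findActive(Sort sort);
}

// Building the Sort straight from request parameters. An attacker can pass
// sortBy = "LENGTH(u.passwordHash)" (assumed attacker input) and, by observing
// how the result order changes, learn about a field the response never contains.
final class UnsafeSortFromRequest {
    static Sort build(String sortBy, String dir) {
        return Sort.by(Sort.Direction.fromString(dir), sortBy);
    }
}

// Hardened form: accept only property names from an explicit allowlist of the
// entity attributes this endpoint is willing to sort by, and reject anything
// else before it reaches the repository. Sort iterates over its Sort.Order
// entries, so every requested property is checked, not just the first.
final class SafeSortFromRequest {
    private static final Set<String> SORTABLE = Set.of("id", "username", "email");

    static Sort build(String sortBy, String dir) {
        Sort requested = Sort.by(Sort.Direction.fromString(dir), sortBy);
        for (Sort.Order order : requested) {
            if (!SORTABLE.contains(order.getProperty())) {
                throw new IllegalArgumentException(
                        "unsupported sort property: " + order.getProperty());
            }
        }
        return requested;
    }
}
```

The check compares the whole property string against the allowlist, so any injected function call or expression (anything that is not exactly one of the listed attribute names) is rejected with an exception rather than forwarded into the JPQL ORDER BY clause. Applying the allowlist at the boundary where request parameters are turned into a Sort keeps the repository method itself unchanged.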
Users of affected versions should apply the following mitigation:
The vulnerability was reported responsibly by Niklas Särökaari from Silverskin Information Security and Joona Immonen, Arto Santala, Antti Virtanen, Michael Holopainen and Antti Ahola from Solita.
The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.
To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.