{"id":"CVE-2019-3802","details":"This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.","aliases":["GHSA-xggx-fx6w-v7ch"],"modified":"2026-04-10T04:18:06.004794Z","published":"2019-06-03T14:29:00.340Z","references":[{"type":"ADVISORY","url":"https://pivotal.io/security/cve-2019-3802"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/spring-projects/spring-data-jpa","events":[{"introduced":"cd4aea6a97c3ca9ab35f8f1e0860cd828f47dbd0"},{"last_affected":"e6495d020ab2eac7c4498d45f225ca4cbba34cca"},{"introduced":"f98af8a98d5ea76eca7e63f40e29f133d538e2f8"},{"last_affected":"92500a47c16d5641fae239bb299836a8154c9d5d"},{"introduced":"049a9e9c56cfe693a2aa4966ee0af8ce37acebfb"},{"last_affected":"452e550a638e46dd15fbb8434417d333882546b1"}],"database_specific":{"versions":[{"introduced":"1.11.0"},{"last_affected":"1.11.21"},{"introduced":"2.0.0"},{"last_affected":"2.0.14"},{"introduced":"2.1.0"},{"last_affected":"2.1.7"}]}}],"versions":["1.11.0.RELEASE","1.11.1.RELEASE","1.11.10.RELEASE","1.11.11.RELEASE","1.11.12.RELEASE","1.11.13.RELEASE","1.11.14.RELEASE","1.11.15.RELEASE","1.11.16.RELEASE","1.11.17.RELEASE","1.11.18.RELEASE","1.11.19.RELEASE","1.11.2.RELEASE","1.11.20.RELEASE","1.11.21.RELEASE","1.11.3.RELEASE","1.11.4.RELEASE","1.11.5.RELEASE","1.11.6.RELEASE","1.11.7.RELEASE","1.11.8.RELEASE","1.11.9.RELEASE","2.0.0.RELEASE","2.0.1.RELEASE","2.0.10.RELEASE","2.0.11.RELEASE","2.0.12.RELEASE","2.0.13.RELEASE","2.0.14.RELEASE","2.0.2.RELEASE","2.0.3.RELEASE","2.0.4.RELEASE","2.0.5.RELEASE","2.0.6.RELEASE","2.0.7.RELEASE","2.0.8.RELEASE","2.0.9.RELEASE","2.1.0.RELEASE","2.1.1.RELEASE","2.1.2.RELEASE","2.1.3.RELEASE","2.1.4.RELEASE","2.1.5.RELEASE","2.1.6.RELEASE","2.1.7.RELEASE"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3802.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}