{"id":"CVE-2024-39677","summary":"NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities","details":"NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL queries referencing a static field of the application; users of the SqlInsertBuilder and SqlUpdateBuilder utilities, calling their AddColumn overload taking a literal value; and any direct use of the ObjectToSQLString methods for building SQL queries on the user side. This vulnerability is fixed in 5.4.9 and 5.5.2.","aliases":["GHSA-fg4q-ccq8-3r5q"],"modified":"2026-04-10T05:15:52.079527Z","published":"2024-07-08T14:52:39.053Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39677.json","cwe_ids":["CWE-89"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39677.json"},{"type":"ADVISORY","url":"https://github.com/nhibernate/nhibernate-core/security/advisories/GHSA-fg4q-ccq8-3r5q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39677"},{"type":"REPORT","url":"https://github.com/nhibernate/nhibernate-core/issues/3516"},{"type":"FIX","url":"https://github.com/nhibernate/nhibernate-core/commit/b4a69d1a5ff5744312478d70308329af496e4ba9"},{"type":"FIX","url":"https://github.com/nhibernate/nhibernate-core/pull/3517"},{"type":"FIX","url":"https://github.com/nhibernate/nhibernate-core/pull/3547"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nhibernate/nhibernate-core","events":[{"introduced":"0"},{"fixed":"ac2ff3a0d0f3ef7385410f1d93f8dde63f2e1475"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.4.9"}]}},{"type":"GIT","repo":"https://github.com/nhibernate/nhibernate-core","events":[{"introduced":"6933bf0fabce38c3b8a96f73724e20e23d66ba82"},{"fixed":"39de4d9efca7f653d31f9e04149a5700cfe9e72a"}],"database_specific":{"versions":[{"introduced":"5.5.0"},{"fixed":"5.5.2"}]}}],"versions":["1.2.0.Alpha1","1.2.0.Beta1","1.2.0.Beta2","1.2.0.Beta3","1.2.0.CR1","3.0.0.Alpha1","3.0.0GA","3.1.0GA","3.2.0.Alpha1","3.2.0.Alpha2","3.2.0GA","3.3.0.CR1","3.3.0GA","4.0.0.Alpha1","4.0.0.Alpha2","4.0.0.CR1","4.0.0.GA","4.0.1.GA","4.1.0.CR1","5.0.0","5.0.1","5.1.0","5.1.1","5.2.0","5.2.1","5.3.0","5.4.0","5.4.1","5.4.2","5.4.3","5.4.4","5.4.5","5.4.6","5.4.7","5.4.8","5.5.0","5.5.1","Pre_2-1_Refactor","alpha_0-2-0-0","alpha_0-3-0-0","alpha_0-3-0-0_pre-avalon-proxy","alpha_0-4-0-0","beta_0-6-0-0","beta_0-8-0-0","beta_0-8-1-0","beta_0-8-2-0","beta_0-8-3-0","beta_0-8-4-0","beta_0-9-0-0","beta_0-9-1-0","prealpha_0-1-0-0","rc_0-99-1-0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39677.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}