'How can CVE-2020-25638 be reproduced?

There was a recent SQL injection bug in hibernate

http://jvn.jp/en/jp/JVN90729322/index.html

I find it intriguing that the error is related to comments. Is that supposed to happen when a query has a parameter inside a comment? What does that even mean?

I haven't found any example on how to reproduce it, or write up. Could someone explain what is the CVE about?

hibernate


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Using @Fetch(FetchMode.Join) in Hibernate

Error creating bean with name 'entityManagerFactory'

How to run gradle based spring boot application in background using command line in ubuntu?

Hibernate: org.hibernate.service.spi.ServiceException: Unable to create requested service [org.hibernate.engine.spi.CacheImplementor]

How to read geography values using hibernate?

Hibernate throws org.hibernate.AnnotationException: No identifier specified for entity: com..domain.idea.MAE_MFEView

org.hibernate.QueryParameterException: could not locate named parameter [userId]

Hibernate cascade save parent and children - parent key not found

Spring Hibernate Jackson Hibernate5Module

not-null property references a null or transient value

How to fix org.hibernate.LazyInitializationException - could not initialize proxy - no Session

Hibernate not persisting enums (as String)

Calling Hibernate in background threads in grails

Getting a nullpointerexception for my EntityManager

Hibernate : Why is it trying to drop/create database on startup?