CVE-2019-11343
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-11343
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11343.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-11343
- Aliases
- Published
- 2020-03-12T21:15:12Z
- Modified
- 2025-10-15T10:05:13.329664Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java.
- References
Affected packages
Git / github.com/xjodoin/torpedoquery
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xjodoin/torpedoquery
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
org.*
org.torpedoquery-1.5.1
org.torpedoquery-1.6.0
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1
v1.5.0
v1.7.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.4.0
v2.5.0
v2.5.1
v2.5.2
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"target": {
"file": "src/test/java/org/torpedoquery/jpa/ValueOnGoingConditionTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"217559776959007376634397607752376878853",
"154193688315744292417120983480911393925",
"85227808638319143351436400361234778741",
"224325940672418478140207469490894755550"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-0e057f17"
},
{
"signature_type": "Function",
"target": {
"function": "createQueryFragment",
"file": "src/main/java/org/torpedoquery/jpa/internal/conditions/LikeCondition.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "43018044944096108555650887486334032995",
"length": 138.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-0edf6159"
},
{
"signature_type": "Function",
"target": {
"function": "testWhereWithStringFunction",
"file": "src/test/java/org/torpedoquery/jpa/StringFunctionsTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "304366733340722434406338576169333494360",
"length": 319.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-191c6a49"
},
{
"signature_type": "Function",
"target": {
"function": "test_notLike_endsWith",
"file": "src/test/java/org/torpedoquery/jpa/WhereClauseTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "288921583148202682196726703970537587453",
"length": 302.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-31098ffa"
},
{
"signature_type": "Function",
"target": {
"function": "test_notLike_any",
"file": "src/test/java/org/torpedoquery/jpa/WhereClauseTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "265160437719170818845742614203034955950",
"length": 303.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-471a1768"
},
{
"signature_type": "Line",
"target": {
"file": "src/main/java/org/torpedoquery/jpa/internal/conditions/LikeCondition.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"158191768476921154835277657020348456721",
"188074174264371706929159051992196990046",
"63938170373741848146007958968468655181",
"274695395509779369863269466964722788882",
"112362906143237105365739811783367009888",
"162981121743963442536385918494186721310",
"236570687234409738165841958503072955466",
"296007145538245229284594464952452860213",
"284460458254333090465345589444844180976",
"37889916604908687963117211907456032147",
"294718206985807217222048152369027161571",
"48902628428638091681322788449643127200",
"142789683858716999709864420919198467950",
"72245245488328810836390073959715821741",
"316309279211867063466906016646393143806",
"144514594678214378224502496254055133949",
"256819852748018633133182970582258768941",
"39131064809761268014004496326623621421",
"222575597652534388090420905054079190377",
"15057551346433094436178956838615244663",
"306763285188670353437593583890445829851",
"125478713356798053752770712080541494429",
"144507099795197228082720957502042766978",
"7093990029110155827508925256610593677",
"196968565946474151464200991682683349551",
"177763704477592105180853237933860057758",
"102088998691452957703587009647135455676",
"187794824112036416764639946427278622077"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-4eb84c51"
},
{
"signature_type": "Line",
"target": {
"file": "src/test/java/org/torpedoquery/jpa/WhereClauseTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"273816533047112130330497565710627334086",
"267714954255899184765657147053715455772",
"25602535072437739303386203263105461522",
"86481408299419176642942209737542340229",
"149527335218956097061471245739386647745",
"93519138869206791775783677009407967339",
"223137970908625885288790143702135412442",
"281264174160944700083453689203091595994",
"163508055529468304385799526553517701186",
"39546577277928692830460630153065054780",
"117634215025626324368607130573415375362",
"11930913408753264842052360037098481077",
"259250617085730971908557780719080299756",
"67378403509466058820646089811652081831",
"6850860390816755846477241236404249044",
"55402059494338806103509823814131040640",
"44129433656906188612226575430048970170",
"74481766087167631355610015824428527770",
"295437297700801237940691707966129992064",
"91819160066734252549676626901901328057",
"194020144092981477353426657786928598974",
"97148845600855981562744312133201593209",
"251711495175303524828871605906916623660",
"162794840178981171878972691152570114086"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-63551cdd"
},
{
"signature_type": "Line",
"target": {
"file": "src/test/java/org/torpedoquery/jpa/StringFunctionsTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"107464878721142585270034723140179300746",
"151201986086035173123108114246040622280",
"316011294558734316513120221734332171283",
"175309201522830388986645060061317798757",
"155849608814535919230408886523144301661",
"87178702799363181074893465255671421298",
"316011294558734316513120221734332171283",
"36865446067887693099180334956043590195",
"3111055031575621982946354074540644418",
"170822743744359217529734609772952173910",
"309197020353405833687804628882964285079",
"278010268050743968824901855776290377601"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-6443e863"
},
{
"signature_type": "Function",
"target": {
"function": "testLowerFunctionInCondition",
"file": "src/test/java/org/torpedoquery/jpa/ValueOnGoingConditionTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "255091968365249823470268678392361866031",
"length": 350.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-66d0a2e5"
},
{
"signature_type": "Function",
"target": {
"function": "NotLikeCondition",
"file": "src/main/java/org/torpedoquery/jpa/internal/conditions/NotLikeCondition.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "20712446925385009035174374967041199677",
"length": 90.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-7bba4606"
},
{
"signature_type": "Line",
"target": {
"file": "src/main/java/org/torpedoquery/jpa/internal/conditions/ConditionBuilder.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"265866652966157350533539130787398556111",
"260521687602420898469471774061215180535",
"48844388539213700420546029855454674539",
"158053631377812350162378905938513314514",
"50304113272933339725427061503191618078",
"329692004852178383421127571813666418993"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-8021906c"
},
{
"signature_type": "Function",
"target": {
"function": "testWhereWithLikeFunction",
"file": "src/test/java/org/torpedoquery/jpa/StringFunctionsTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "331095399819162217935759416592919666234",
"length": 306.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-827fe479"
},
{
"signature_type": "Function",
"target": {
"function": "test_like_startsWith",
"file": "src/test/java/org/torpedoquery/jpa/WhereClauseTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "312170304072288922318230128478291900110",
"length": 298.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-9d34e64f"
},
{
"signature_type": "Function",
"target": {
"function": "getParameters",
"file": "src/main/java/org/torpedoquery/jpa/internal/conditions/LikeCondition.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "327542834048855177303680042815055071833",
"length": 58.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-9e9c702e"
},
{
"signature_type": "Function",
"target": {
"function": "test_like_endsWith",
"file": "src/test/java/org/torpedoquery/jpa/WhereClauseTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "218257778150286294674095739995465372853",
"length": 298.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-ac041ebf"
},
{
"signature_type": "Function",
"target": {
"function": "createLike",
"file": "src/main/java/org/torpedoquery/jpa/internal/conditions/ConditionBuilder.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "114040544832601790862149175321875062357",
"length": 175.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-c1731202"
},
{
"signature_type": "Function",
"target": {
"function": "testWhereWithNotLikeFunction",
"file": "src/test/java/org/torpedoquery/jpa/StringFunctionsTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "186359827210264212039276490246362564205",
"length": 310.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-d6d04684"
},
{
"signature_type": "Function",
"target": {
"function": "test_like_any",
"file": "src/test/java/org/torpedoquery/jpa/WhereClauseTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "146921001949452160116537313650151620064",
"length": 299.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-eae537eb"
},
{
"signature_type": "Function",
"target": {
"function": "LikeCondition",
"file": "src/main/java/org/torpedoquery/jpa/internal/conditions/LikeCondition.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "276849226725221505050513190310608889350",
"length": 125.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-f1bd6a2b"
},
{
"signature_type": "Line",
"target": {
"file": "src/main/java/org/torpedoquery/jpa/internal/conditions/NotLikeCondition.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"200367275519262231913651114133275996774",
"185112692837185542700016052317825420142",
"147567440528145201484901589570421079003",
"87857449971315108434190726694642628284",
"101812655583331627213228916774239160320",
"206577044265289914800376962997250520371",
"118099037431796987347822046741410454628",
"88550428755695114657769099068752938664"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-fc2a86d3"
},
{
"signature_type": "Function",
"target": {
"function": "test_notLike_startsWith",
"file": "src/test/java/org/torpedoquery/jpa/WhereClauseTest.java"
},
"source": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f",
"digest": {
"function_hash": "194700668405478309755886878062719337447",
"length": 302.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2019-11343-fc5532b2"
}
]