GHSA-wpvf-5mc3-hv6m: Duplicate Advisory: Querydsl SQL/HQL injection
(updated )
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-6q3q-6v5j-h6vg. This link is maintained to preserve external references.
Original Description
Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.
References
- github.com/CSIRTTrizna/CVE-2024-49203
- github.com/OpenFeign/querydsl
- github.com/advisories/GHSA-wpvf-5mc3-hv6m
- github.com/querydsl/querydsl
- github.com/querydsl/querydsl/issues/3757
- github.com/querydsl/querydsl/releases/tag/QUERYDSL_5_1_0
- nvd.nist.gov/vuln/detail/CVE-2024-49203
- www.csirt.sk/querydsl-java-library-vulnerability-permits-sql-hql-injection.html
Code Behaviors & Features
Detect and mitigate GHSA-wpvf-5mc3-hv6m with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →