Lucene search
+L

10 matches found

vulnersOsv
vulnersOsv
added 2024/11/27 7:0 p.m.6 views

ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), be.mogo.generator:mogo-generator-model (=1.0.0.RELEASE) +439 more potentially affected by CVE-2024-49203 via com.querydsl:querydsl-apt (>=4.0.0 <=5.1.0)

com.querydsl:querydsl-apt MAVEN version =4.0.0, =cloud-0.1, =1.0.2.RELEASE, =1.0.0.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.2.7.RELEASE, =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =2.0.1, =1.0.1, =1.0.1, =1.0.1, =2.1.18 and more Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...

5.7AI score0.00391EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/11/27 7:0 p.m.6 views

ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), au.net.causal.shoelaces:shoelaces-liquibase-integration-tests-common (=2.0) +940 more potentially affected by CVE-2024-49203 via com.querydsl:querydsl-jpa (>=4.0.0 <=5.1.0)

com.querydsl:querydsl-jpa MAVEN version =4.0.0, =cloud-0.1, =1.0.2.RELEASE, =1.0.0.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.2.7.RELEASE, =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =2.0.1, =2.1.18 and more Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...

5.7AI score0.00391EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/11/27 7:0 p.m.6 views

io.github.openfeign.querydsl:querydsl-jpa-codegen (>=5.0.1 <=5.6), io.github.zzagtung:querydsl-jpa-postgres-json (=0.1.1) potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-jpa (>=5.0.1 <=5.6)

io.github.openfeign.querydsl:querydsl-jpa MAVEN version =5.0.1, =5.0.1, =5.6 - io.github.zzagtung:querydsl-jpa-postgres-json =0.1.1 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...

5.8AI score0.00391EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/11/27 7:0 p.m.6 views

io.github.openfeign.querydsl:querydsl-jpa-codegen (>=6.0.0.M1 <=6.10), io.github.openfeign.querydsl:querydsl-jpa-spring (>=6.0.0.M2 <=6.10) +1 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-jpa (>=6.0.0.M1 <=6.10)

io.github.openfeign.querydsl:querydsl-jpa MAVEN version =6.0.0.M1, =6.0.0.M1, =6.0.0.M2, =6.10 - io.github.zzagtung:querydsl-jpa-postgres-json =0.2.0 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...

5.8AI score0.00391EPSS
Exploits0
OSV
OSV
added 2024/11/27 7:0 p.m.5 views

GHSA-6Q3Q-6V5J-H6VG Querydsl vulnerable to HQL injection through orderBy

Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repositoryhttps://github.com/querydsl/querydsl whe...

8.8CVSS5.9AI score0.00391EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/11/27 7:0 p.m.47 views

Querydsl vulnerable to HQL injection through orderBy

Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repositoryhttps://github.com/querydsl/querydsl whe...

6.7AI score0.00391EPSS
Exploits0References9Affected Software4
NVD
NVD
added 2024/11/20 9:15 p.m.19 views

CVE-2024-49203

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...

0.00391EPSS
Exploits0References10
Circl
Circl
added 2024/11/20 8:29 p.m.11 views

CVE-2024-49203

creationtimestamp| type| source ---|---|--- 2024-11-20 20:29:58+00:00| seen| https://infosec.exchange/users/cve/statuses/113517173008672878 2024-11-20 22:57:16+00:00| seen| https://t.me/cvedetector/11662 2024-11-27 15:34:53+00:00| published-proof-of-concept|...

5.7AI score0.00391EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/20 12:0 a.m.27 views

CVE-2024-49203

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...

0.00391EPSS
Exploits0References10
OSV
OSV
added 2024/11/20 12:0 a.m.10 views

CVE-2024-49203

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...

7.3AI score0.00391EPSS
Exploits0References12
Rows per page
Query Builder