10 matches found
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), be.mogo.generator:mogo-generator-model (=1.0.0.RELEASE) +439 more potentially affected by CVE-2024-49203 via com.querydsl:querydsl-apt (>=4.0.0 <=5.1.0)
com.querydsl:querydsl-apt MAVEN version =4.0.0, =cloud-0.1, =1.0.2.RELEASE, =1.0.0.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.2.7.RELEASE, =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =2.0.1, =1.0.1, =1.0.1, =1.0.1, =2.1.18 and more Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), au.net.causal.shoelaces:shoelaces-liquibase-integration-tests-common (=2.0) +940 more potentially affected by CVE-2024-49203 via com.querydsl:querydsl-jpa (>=4.0.0 <=5.1.0)
com.querydsl:querydsl-jpa MAVEN version =4.0.0, =cloud-0.1, =1.0.2.RELEASE, =1.0.0.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.2.7.RELEASE, =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =2.0.1, =2.1.18 and more Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
io.github.openfeign.querydsl:querydsl-jpa-codegen (>=5.0.1 <=5.6), io.github.zzagtung:querydsl-jpa-postgres-json (=0.1.1) potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-jpa (>=5.0.1 <=5.6)
io.github.openfeign.querydsl:querydsl-jpa MAVEN version =5.0.1, =5.0.1, =5.6 - io.github.zzagtung:querydsl-jpa-postgres-json =0.1.1 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
io.github.openfeign.querydsl:querydsl-jpa-codegen (>=6.0.0.M1 <=6.10), io.github.openfeign.querydsl:querydsl-jpa-spring (>=6.0.0.M2 <=6.10) +1 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-jpa (>=6.0.0.M1 <=6.10)
io.github.openfeign.querydsl:querydsl-jpa MAVEN version =6.0.0.M1, =6.0.0.M1, =6.0.0.M2, =6.10 - io.github.zzagtung:querydsl-jpa-postgres-json =0.2.0 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
GHSA-6Q3Q-6V5J-H6VG Querydsl vulnerable to HQL injection through orderBy
Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repositoryhttps://github.com/querydsl/querydsl whe...
Querydsl vulnerable to HQL injection through orderBy
Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repositoryhttps://github.com/querydsl/querydsl whe...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
CVE-2024-49203
creationtimestamp| type| source ---|---|--- 2024-11-20 20:29:58+00:00| seen| https://infosec.exchange/users/cve/statuses/113517173008672878 2024-11-20 22:57:16+00:00| seen| https://t.me/cvedetector/11662 2024-11-27 15:34:53+00:00| published-proof-of-concept|...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...