LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys and, in MariaDB, string values directly into the query without adequate escaping. A crafted metadata key in EmbeddingSearchRequest.filter can break out of its SQL context and inject...