JVN#90729322: Hibernate ORM vulnerable to SQL injection
Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.usesqlcomments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.usesqlcomments is configured to true, malicious input may produce...