ROOT-APP-MAVEN-CVE-2024-49203 CVE-2024-49203 in io.root.com.querydsl:querydsl-jpa - Patched by Root
Root has patched CVE-2024-49203 in the io.root.com.querydsl:querydsl-jpa package for Root:Maven. Multiple fixed versions available...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), be.mogo.generator:mogo-generator-model (=1.0.0.RELEASE) +436 more potentially affected by CVE-2024-49203 via com.querydsl:querydsl-apt (>=4.0.0 <=5.1.0)
com.querydsl:querydsl-apt MAVEN version =4.0.0, =cloud-0.1, =1.0.2.RELEASE, =1.0.0.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.2.7.RELEASE, =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =2.0.1, =1.0.1, =1.0.1, =1.0.1, =2.1.17 and more Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
io.github.openfeign.querydsl:querydsl-jpa-codegen (>=6.0.0.M1 <=6.10), io.github.openfeign.querydsl:querydsl-jpa-spring (>=6.0.0.M2 <=6.10) +1 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-jpa (>=6.0.0.M1 <=6.10)
io.github.openfeign.querydsl:querydsl-jpa MAVEN version =6.0.0.M1, =6.0.0.M1, =6.0.0.M2, =6.10 - io.github.zzagtung:querydsl-jpa-postgres-json =0.2.0 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
io.github.openfeign.querydsl:querydsl-jpa-codegen (>=5.0.1 <=5.6), io.github.zzagtung:querydsl-jpa-postgres-json (=0.1.1) potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-jpa (>=5.0.1 <=5.6)
io.github.openfeign.querydsl:querydsl-jpa MAVEN version =5.0.1, =5.0.1, =5.6 - io.github.zzagtung:querydsl-jpa-postgres-json =0.1.1 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
io.github.openfeign.querydsl:querydsl-collections (>=5.0.1 <=5.6), io.github.openfeign.querydsl:querydsl-hibernate-search (>=5.0.1 <=5.6) +6 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-apt (>=5.0.1 <=5.6)
io.github.openfeign.querydsl:querydsl-apt MAVEN version =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.6 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), au.net.causal.shoelaces:shoelaces-liquibase-integration-tests-common (=2.0) +931 more potentially affected by CVE-2024-49203 via com.querydsl:querydsl-jpa (>=4.0.0 <=5.1.0)
com.querydsl:querydsl-jpa MAVEN version =4.0.0, =cloud-0.1, =1.0.2.RELEASE, =1.0.0.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.2.7.RELEASE, =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =2.0.1, =2.1.17 and more Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
GHSA-6Q3Q-6V5J-H6VG Querydsl vulnerable to HQL injection through orderBy
Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repository https://github.com/querydsl/querydsl whe...
io.github.openfeign.querydsl:querydsl-collections (>=6.0.0.M1 <=6.10), io.github.openfeign.querydsl:querydsl-jpa (>=6.0.0.M1 <=6.10) +2 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-apt (>=6.0.0.M1 <=6.10)
io.github.openfeign.querydsl:querydsl-apt MAVEN version =6.0.0.M1, =6.0.0.M1, =6.0.0.M1, =6.0.0.M2, =6.0.0.M1, =6.10 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
GHSA-WPVF-5MC3-HV6M Duplicate Advisory: Querydsl SQL/HQL injection
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6q3q-6v5j-h6vg. This link is maintained to preserve external references. Original Description Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery...
Querydsl security vulnerability
Querydsl is an open-source framework for building type-safe, SQL-like queries against multiple backends. Querydsl version 5.1.0 contains a security vulnerability: the orderBy method of JPAQuery allows SQL or HQL injection when attacker-controlled input reaches it...
PT-2024-33345 · Unknown +1 · Openfeign Querydsl +1
Name of the Vulnerable Software and Affected Versions: Querydsl version 5.1.0 OpenFeign Querydsl version 6.8 Description: The issue allows SQL/HQL injection in the orderBy clause of JPAQuery. This is possible when untrusted input is directly used in query construction. Note that the Querydsl...
CVE-2024-49203
Summary: CVE-2024-49203 affects Querydsl 5.1.0 and OpenFeign Querydsl 6.8, enabling SQL/HQL injection in the orderBy path of JPAQuery. The issue arises from how untrusted input can influence the OrderSpecifier passed to the orderBy clause, potentially allowing information leakage or denial of service. Re...
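The advisory summaries above (GHSA-6Q3Q-6V5J-H6VG and the CVE-2024-49203 summary) describe the failure mode in one sentence: a sort key taken from a request is turned into an OrderSpecifier and serialized into the ORDER BY clause unchecked. The example below is added here to show that path concretely; it is not code from Querydsl, OpenFeign Querydsl, or any of the advisories. It assumes a minimal `User` class standing in for a JPA entity, a request parameter of the form `key` or `key:desc`, and an allowlist `SORTABLE` of client-visible sort keys; all three are assumptions for illustration. It uses the no-argument `JPAQuery` constructor so that `toString()` serializes the JPQL without an EntityManager, which is enough to inspect the generated ORDER BY.

```java
import java.util.Locale;
import java.util.Map;

import com.querydsl.core.types.Order;
import com.querydsl.core.types.OrderSpecifier;
import com.querydsl.core.types.dsl.PathBuilder;
import com.querydsl.core.types.dsl.PathBuilderValidator;
import com.querydsl.jpa.impl.JPAQuery;

public class OrderByInjectionDemo {

    /** Stand-in for a JPA @Entity (assumption); the fields are the columns a client may sort on. */
    public static class User {
        public Long id;
        public String name;
        public String email;
    }

    /**
     * VULNERABLE: the sort key arrives from the request (for example ?sort=...) and is handed
     * straight to PathBuilder.getString(). The default PathBuilderValidator performs no check
     * that the property exists, so the client's string is serialized as-is into ORDER BY.
     */
    static String vulnerableOrderBy(String untrustedSort) {
        PathBuilder<User> user = new PathBuilder<>(User.class, "user");
        JPAQuery<User> query = new JPAQuery<User>()
                .from(user)
                .orderBy(new OrderSpecifier<>(Order.ASC, user.getString(untrustedSort)));
        return query.toString(); // the JPQL/HQL text that would be handed to the provider
    }

    /** Allowlist mapping client-visible sort keys to entity property names (assumption). */
    private static final Map<String, String> SORTABLE = Map.of(
            "name", "name",
            "email", "email");

    /**
     * HARDENED: only allowlisted keys reach the query, the direction is parsed into the Order
     * enum instead of being concatenated, and PathBuilderValidator.FIELDS makes PathBuilder
     * itself throw IllegalArgumentException for any property that is not a field of User
     * (defense in depth behind the allowlist).
     */
    static String hardenedOrderBy(String untrustedSort) {
        String[] parts = untrustedSort.split(":", 2);
        String property = SORTABLE.get(parts[0].toLowerCase(Locale.ROOT));
        if (property == null) {
            throw new IllegalArgumentException("unsupported sort key: " + parts[0]);
        }
        Order direction = parts.length > 1 && parts[1].equalsIgnoreCase("desc")
                ? Order.DESC : Order.ASC;

        PathBuilder<User> user = new PathBuilder<>(User.class, "user", PathBuilderValidator.FIELDS);
        JPAQuery<User> query = new JPAQuery<User>()
                .from(user)
                .orderBy(new OrderSpecifier<>(direction, user.getString(property)));
        return query.toString();
    }

    public static void main(String[] args) {
        // Constructed attacker input: a second ORDER BY term carrying a subquery, the shape of
        // blind injection the advisory describes (ordering that depends on data the caller
        // should not see, or an expensive subquery as a denial-of-service vector).
        String payload = "name desc, (select count(u) from User u)";

        System.out.println("--- vulnerable ---");
        System.out.println(vulnerableOrderBy(payload));

        System.out.println("--- hardened ---");
        System.out.println(hardenedOrderBy("name:desc"));
        try {
            hardenedOrderBy(payload);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running the vulnerable path shows the payload reproduced inside the serialized ORDER BY clause, which is the whole vulnerability: Querydsl treats the property name as trusted, and the dispute noted on the CVE record is precisely about whether that is a library bug or a caller bug. Either way, the practical fix is the same: never derive an `OrderSpecifier` from a raw request value; map it through an allowlist of known properties, and use `PathBuilderValidator.FIELDS` or `PROPERTIES` so that an unvalidated `PathBuilder` is not the last line of defense.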
Spring for GraphQL 1.0 Release
On behalf of the Spring for GraphQL team and every contributor, it is my pleasure to announce the 1.0 GA release. It's been 10 months since the project was announced and under 2 years since the first commit, unremarkably called "first commit". The project began with the modest goal to replace the...