29 matches found
Duplicate Advisory: Querydsl SQL/HQL injection
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6q3q-6v5j-h6vg. This link is maintained to preserve external references. Original Description Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
Querydsl 安全漏洞
Querydsl is a framework from the Querydsl open source that supports building type-safe SQL-like queries for multiple backends. A security vulnerability exists in Querydsl version 5.1.0 that stems from allowing SQL or HQL injection in orderBy in JPAQuery...
CVE-2024-49203
Summary: CVE-2024-49203 affects Querydsl 5.1.0 and OpenFeign Querydsl 6.8, enabling SQL/HQL injection in the orderBy path of JPAQuery. The issue arises from how untrusted input can influence the OrderSpecifier/orThe orderBy clause, potentially allowing information leakage or denial of service. Re...
PT-2024-33345
Name of the Vulnerable Software and Affected Versions Querydsl version 5.1.0 OpenFeign Querydsl version 6.8 Description The issue allows SQL/HQL injection in the orderBy clause of JPAQuery. This is possible when untrusted input is directly used in query construction. Note that the Querydsl...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
CVE-2024-49203
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...
Spring for GraphQL 1.0 Release
On behalf of the Spring for GraphQL team and every contributor, it is my pleasure to announce the 1.0 GA release. Its been 10 months since the project was announced and under 2 years since the first commit, unremarkably called "first commit". The project began with the modest goal to replace the...