Querydsl SQL/HQL injection · CVE-2024-49203 · GitHub Advisory Database · GitHub

Querydsl SQL/HQL injection

High severity GitHub Reviewed Published Nov 20, 2024 to the GitHub Advisory Database • Updated Nov 21, 2024

Package

com.querydsl:querydsl-apt (Maven)

Affected versions

<= 5.1.0

Patched versions

None

com.querydsl:querydsl-jpa (Maven)

<= 5.1.0

None

io.github.openfeign.querydsl:querydsl-apt (Maven)

<= 6.8

None

io.github.openfeign.querydsl:querydsl-jpa (Maven)

<= 6.8

None

Description

Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.

References

Published by the National Vulnerability Database

Nov 20, 2024

Published to the GitHub Advisory Database Nov 20, 2024

Reviewed Nov 21, 2024

Last updated Nov 21, 2024