Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-wpvf-5mc3-hv6m: Querydsl SQL/HQL injection

Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.

ghsa
Open in Source
#sql#vulnerability#web#git#java#maven

Skip to content

Navigation Menu

    • GitHub Copilot

      Write better code with AI

    • Security

      Find and fix vulnerabilities

    • Actions

      Automate any workflow

    • Codespaces

      Instant dev environments

    • Issues

      Plan and track work

    • Code Review

      Manage code changes

    • Discussions

      Collaborate outside of code

    • Code Search

      Find more, search less

  • Explore

    • Learning Pathways
    • White papers, Ebooks, Webinars
    • Customer Stories
    • Partners

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles

    • Enterprise platform

      AI-powered developer platform

  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2024-49203

Querydsl SQL/HQL injection

High severity GitHub Reviewed Published Nov 20, 2024 to the GitHub Advisory Database • Updated Nov 21, 2024

Package

maven com.querydsl:querydsl-apt (Maven)

Affected versions

<= 5.1.0

maven com.querydsl:querydsl-jpa (Maven)

maven io.github.openfeign.querydsl:querydsl-apt (Maven)

maven io.github.openfeign.querydsl:querydsl-jpa (Maven)

Description

Published to the GitHub Advisory Database

Nov 20, 2024

Last updated

Nov 21, 2024

Related news

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

### Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repository(https://github.com/querydsl/querydsl) where it was assigned preliminary CVE identifier **CVE-2024-49203**. ### Details Vulnerable code may look as follows: ``` @GetMapping public List<Test> getProducts(@RequestParam("orderBy") String orderBy) { JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test); PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test"); OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.get(orderBy)); JPAQuery<Test> orderedQuery = query.orderBy(order); return orderedQuery.fetch(); } ``` Where vulnerability is either caused by ```pathBuilder.get(orderBy)``` or the ```orderBy(order)``` method itself, based on where the security checks are expected. ...

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
ghsa