Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13cHZmLTVtYzMtaHY2bc4ABBmm

Querydsl SQL/HQL injection

Querydsl 5.1.0 allows SQL/HQL injection through the orderBy clause of JPAQuery.

Permalink: https://github.com/advisories/GHSA-wpvf-5mc3-hv6m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cHZmLTVtYzMtaHY2bc4ABBmm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 days ago
Updated: 1 day ago


Identifiers: GHSA-wpvf-5mc3-hv6m, CVE-2024-49203
References: Repository: https://github.com/querydsl/querydsl
Blast Radius: 0.0

Affected Packages

maven:io.github.openfeign.querydsl:querydsl-apt
Affected Version Ranges: <= 6.8
No known fixed version
maven:io.github.openfeign.querydsl:querydsl-jpa
Affected Version Ranges: <= 6.8
No known fixed version
maven:com.querydsl:querydsl-apt
Dependent packages: 269
Dependent repositories: 6,050
Downloads:
Affected Version Ranges: <= 5.1.0
No known fixed version
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0, 5.0.0, 5.1.0
maven:com.querydsl:querydsl-jpa
Dependent packages: 329
Dependent repositories: 8,955
Downloads:
Affected Version Ranges: <= 5.1.0
No known fixed version
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0, 5.0.0, 5.1.0
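The advisory text above states only that orderBy in JPAQuery is injectable and lists no fixed version, so the practical mitigation is on the application side: never let request data become the sort expression. The following is an added example, not code from the Querydsl project or from this advisory. It assumes a hypothetical JPA entity Account with fields username and createdAt, a request-supplied sort parameter, and the jakarta.persistence EntityManager (the non-jakarta artifact uses javax.persistence). The unsafe variant, in which a user-controlled string is used as a PathBuilder property name, is an assumption about how the injection is typically reached; the hardened variant maps the request value onto a fixed allowlist of expressions, which is sound regardless of the exact mechanism.

```java
// Added illustration; not Querydsl project code and not part of the advisory.
// Assumed: entity Account(username, createdAt); sort key from the HTTP request.
import com.querydsl.core.types.OrderSpecifier;
import com.querydsl.core.types.dsl.ComparableExpressionBase;
import com.querydsl.core.types.dsl.PathBuilder;
import com.querydsl.jpa.impl.JPAQuery;

import jakarta.persistence.EntityManager; // javax.persistence for the non-jakarta artifact

import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

public class AccountSorting {

    // Hypothetical entity, present only so the example is self-contained.
    public static class Account {
        public String username;
        public Instant createdAt;
    }

    // UNSAFE (assumed pattern): whatever arrives in ?sort=... becomes the path
    // name that Querydsl serialises into the generated JPQL ORDER BY.
    public static List<Account> listUnsafe(EntityManager em, String sortParam) {
        PathBuilder<Account> account = new PathBuilder<>(Account.class, "account");
        return new JPAQuery<Account>(em)
                .from(account)
                .orderBy(account.getString(sortParam).asc())
                .fetch();
    }

    // Allowlist: the only sort keys the endpoint supports, each bound to a path
    // built from a constant. The request value is used as a lookup key only.
    private static final Map<String, Function<PathBuilder<Account>, ComparableExpressionBase<?>>> SORTABLE =
            Map.of(
                    "username", a -> a.getString("username"),
                    "createdAt", a -> a.getComparable("createdAt", Instant.class));

    // HARDENED: unknown keys are rejected before any query is built; the
    // direction is likewise reduced to one of two fixed choices.
    public static List<Account> listSafe(EntityManager em, String sortParam, String direction) {
        Function<PathBuilder<Account>, ComparableExpressionBase<?>> column = SORTABLE.get(sortParam);
        if (column == null) {
            throw new IllegalArgumentException("unsupported sort key: " + sortParam);
        }
        PathBuilder<Account> account = new PathBuilder<>(Account.class, "account");
        ComparableExpressionBase<?> expr = column.apply(account);
        OrderSpecifier<?> spec = "desc".equalsIgnoreCase(direction) ? expr.desc() : expr.asc();
        return new JPAQuery<Account>(em)
                .from(account)
                .orderBy(spec)
                .fetch();
    }
}
```

To find out whether a Maven build pulls in an affected artifact, run `mvn dependency:tree -Dincludes=com.querydsl` (and the same with `-Dincludes=io.github.openfeign.querydsl` for the fork) and compare the resolved versions against the ranges listed above. The allowlist protects the application's own call sites; it does not change the library, so keep watching the advisory for a fixed version.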