CVE-2024-49203
Published Nov 20, 2024
Last updated 6 days ago
- Description: Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allow SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
- CNA Tags: disputed
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-89
- Hype score: Not currently trending
🔴 Querydsl: HQL Injection (#CVE-2024-49203) - Critical - Critical https://t.co/5egkYVwW7A
@dailycve
28 Nov 2024
🔴 Querydsl: HQL Injection Vulnerability (#CVE-2024-49203) - Critical - Critical https://t.co/P8gJJ5LXHg
@dailycve
27 Nov 2024
CVE-2024-49203 Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery. https://t.co/RQCxXiGRvG
@CVEnew
21 Nov 2024