Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allow SQL/HQL injection in orderBy in JPAQuery.
Reserved 2024-10-14 | Published 2024-11-20 | Updated 2025-01-06 | Assigner mitre
github.com/querydsl/querydsl/releases/tag/QUERYDSL_5_1_0
www.csirt.sk/...vulnerability-permits-sql-hql-injection.html
github.com/querydsl/querydsl/issues/3757
github.com/OpenFeign/querydsl/
github.com/OpenFeign/querydsl/releases/tag/5.6.1
github.com/OpenFeign/querydsl/pull/742
github.com/advisories/GHSA-6q3q-6v5j-h6vg
github.com/OpenFeign/querydsl/releases/tag/6.10.1
github.com/OpenFeign/querydsl/pull/743