CVE-2024-49203

Unknown CVSS N/A

Overview

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction.

CWE: N/A Published: 2024-11-20T21:15:08.090

Risk analysis

This vulnerability is rated ⚪ UNKNOWN.

CVSS: N/A
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags