GHSA-wpvf-5mc3-hv6m

Source

https://github.com/advisories/GHSA-wpvf-5mc3-hv6m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-wpvf-5mc3-hv6m/GHSA-wpvf-5mc3-hv6m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wpvf-5mc3-hv6m

Aliases

CVE-2024-49203

Published

2024-11-20T21:30:50Z

Modified

2024-11-21T22:42:30.639090Z

Summary

Querydsl SQL/HQL injection

Details

Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.

References

Affected packages

Maven / com.querydsl:querydsl-jpa

Package

Name: com.querydsl:querydsl-jpa; View open source insights on deps.dev
Purl: pkg:maven/com.querydsl/querydsl-jpa

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.1.0

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.2.0

4.2.1

4.2.2

4.3.0

4.3.1

4.4.0

5.*

5.0.0.M1

5.0.0

5.1.0

Maven / com.querydsl:querydsl-apt

Package

Name: com.querydsl:querydsl-apt; View open source insights on deps.dev
Purl: pkg:maven/com.querydsl/querydsl-apt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.1.0

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.2.0

4.2.1

4.2.2

4.3.0

4.3.1

4.4.0

5.*

5.0.0.M1

5.0.0

5.1.0

Maven / io.github.openfeign.querydsl:querydsl-jpa

Package

Name: io.github.openfeign.querydsl:querydsl-jpa; View open source insights on deps.dev
Purl: pkg:maven/io.github.openfeign.querydsl/querydsl-jpa

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.8

Affected versions

5.*

5.0.1

5.1

5.1.1

5.2

5.3

5.4

5.5

5.6

6.*

6.0.0.M1

6.0.0.M2

6.0.0.M3

6.0.0.RC1

6.0

6.0.1

6.0.2

6.0.3

6.1

6.2

6.2.1

6.3

6.4

6.5

6.6

6.7

6.8

Maven / io.github.openfeign.querydsl:querydsl-apt

Package

Name: io.github.openfeign.querydsl:querydsl-apt; View open source insights on deps.dev
Purl: pkg:maven/io.github.openfeign.querydsl/querydsl-apt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.8

Affected versions

5.*

5.0.1

5.1

5.1.1

5.2

5.3

5.4

5.5

5.6

6.*

6.0.0.M1

6.0.0.M2

6.0.0.M3

6.0.0.RC1

6.0

6.0.1

6.0.2

6.0.3

6.1

6.2

6.2.1

6.3

6.4

6.5

6.6

6.7

6.8