CVE-2024-49203
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-49203
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49203.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-49203
- Aliases
- Withdrawn
- 2025-02-13T16:22:20Z
- Published
- 2024-11-20T21:15:08Z
- Modified
- 2025-05-28T10:40:13.613723Z
- Summary
- [none]
- Details
-
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction.
- References
-
- https://github.com/advisories/GHSA-6q3q-6v5j-h6vg
- https://github.com/querydsl/querydsl/issues/3757
- https://github.com/spring-projects/spring-data-jpa/issues/3693
- https://github.com/OpenFeign/querydsl/
- https://github.com/OpenFeign/querydsl/pull/742
- https://github.com/OpenFeign/querydsl/pull/743
- https://github.com/OpenFeign/querydsl/releases/tag/5.6.1
- https://github.com/OpenFeign/querydsl/releases/tag/6.10.1
- https://github.com/querydsl/querydsl/releases/tag/QUERYDSL_5_1_0
- https://www.csirt.sk/querydsl-java-library-vulnerability-permits-sql-hql-injection.html
Affected packages
Git / github.com/openfeign/querydsl
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openfeign/querydsl
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- GIT
- Repo
- https://github.com/querydsl/querydsl
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
5.*
5.0.1
5.1
5.1.1
5.2
5.3
5.4
5.5
5.6
6.*
6.0
6.0.0.M1
6.0.0.M2
6.0.0.M3
6.0.0.RC1
6.0.1
6.0.2
6.0.3
6.1
6.10
6.2
6.2.1
6.3
6.4
6.5
6.6
6.7
6.8
6.9
Other
QUERDSL_2_7_3
QUERYDSL_2_2_1
QUERYDSL_2_2_2
QUERYDSL_2_2_3
QUERYDSL_2_2_4
QUERYDSL_2_2_5
QUERYDSL_2_3_0
QUERYDSL_2_3_1
QUERYDSL_2_3_2
QUERYDSL_2_3_3
QUERYDSL_2_5_0
QUERYDSL_2_6_0
QUERYDSL_2_7_0
QUERYDSL_2_7_1
QUERYDSL_2_7_2
QUERYDSL_2_8_0
QUERYDSL_2_8_1
QUERYDSL_2_8_2
QUERYDSL_2_9_0
QUERYDSL_3_0_0
QUERYDSL_3_0_0_BETA1
QUERYDSL_3_0_0_BETA2
QUERYDSL_3_1_0
QUERYDSL_3_1_1
QUERYDSL_3_2_0
QUERYDSL_3_2_1
QUERYDSL_3_2_2
QUERYDSL_3_2_3
QUERYDSL_3_2_4
QUERYDSL_3_3_0
QUERYDSL_3_3_0_BETA1
QUERYDSL_3_3_0_BETA2
QUERYDSL_3_3_1
QUERYDSL_3_3_2
QUERYDSL_3_3_3
QUERYDSL_3_3_4
QUERYDSL_3_4_0
QUERYDSL_3_4_1
QUERYDSL_3_4_2
QUERYDSL_3_4_3
QUERYDSL_3_5_0
QUERYDSL_3_5_1
QUERYDSL_3_6_0
QUERYDSL_4_0_0
QUERYDSL_4_0_1
QUERYDSL_4_0_2
QUERYDSL_4_0_3
QUERYDSL_4_0_4
QUERYDSL_4_0_5
QUERYDSL_4_0_6
QUERYDSL_4_0_7
QUERYDSL_4_0_8
QUERYDSL_4_0_9
QUERYDSL_4_1_0
QUERYDSL_4_1_1
QUERYDSL_4_1_2
QUERYDSL_4_1_3
QUERYDSL_4_1_4
QUERYDSL_4_2_0
QUERYDSL_4_2_1
QUERYDSL_4_3_0
QUERYDSL_4_3_1
QUERYDSL_4_4_0
QUERYDSL_5_0_0
QUERYDSL_5_0_0_M1