CVE-2024-49203

Source
https://cve.org/CVERecord?id=CVE-2024-49203
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49203.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-49203
Aliases
Downstream
Published
2024-11-20T00:00:00Z
Modified
2026-07-15T01:49:11.734208235Z
Summary
[none]
Details

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49203.json",
    "cna_assigner": "mitre",
    "isDisputed": true
}
References

Affected packages

Git / github.com/openfeign/querydsl

Affected ranges

Type
GIT
Repo
https://github.com/openfeign/querydsl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

5.*
5.0.1
5.1
5.1.1
5.2
5.3
5.4
5.5
5.6
6.*
6.0
6.0.0.M1
6.0.0.M2
6.0.0.M3
6.0.0.RC1
6.0.1
6.0.2
6.0.3
6.1
6.10
6.2
6.2.1
6.3
6.4
6.5
6.6
6.7
6.8
6.9
Other
QUERDSL_2_7_3
QUERYDSL_2_2_1
QUERYDSL_2_2_2
QUERYDSL_2_2_4
QUERYDSL_2_2_5
QUERYDSL_2_3_0
QUERYDSL_2_3_1
QUERYDSL_2_3_2
QUERYDSL_2_3_3
QUERYDSL_2_5_0
QUERYDSL_2_6_0
QUERYDSL_2_7_0
QUERYDSL_2_7_1
QUERYDSL_2_7_2
QUERYDSL_2_8_0
QUERYDSL_2_8_1
QUERYDSL_2_8_2
QUERYDSL_2_9_0
QUERYDSL_3_0_0
QUERYDSL_3_0_0_BETA1
QUERYDSL_3_0_0_BETA2
QUERYDSL_3_1_0
QUERYDSL_3_1_1
QUERYDSL_3_2_0
QUERYDSL_3_2_1
QUERYDSL_3_2_2
QUERYDSL_3_3_0
QUERYDSL_3_3_0_BETA1
QUERYDSL_3_3_1
QUERYDSL_3_3_2
QUERYDSL_3_3_3
QUERYDSL_3_3_4
QUERYDSL_3_4_0
QUERYDSL_3_4_1
QUERYDSL_3_4_2
QUERYDSL_3_4_3
QUERYDSL_3_5_0
QUERYDSL_3_5_1
QUERYDSL_3_6_0
QUERYDSL_4_0_0
QUERYDSL_4_0_1
QUERYDSL_4_0_2
QUERYDSL_4_0_3
QUERYDSL_4_0_4
QUERYDSL_4_0_5
QUERYDSL_4_0_6
QUERYDSL_4_0_7
QUERYDSL_4_0_8
QUERYDSL_4_0_9
QUERYDSL_4_1_0
QUERYDSL_4_1_1
QUERYDSL_4_1_2
QUERYDSL_4_1_3
QUERYDSL_4_1_4
QUERYDSL_4_2_0
QUERYDSL_4_2_1
QUERYDSL_4_3_0
QUERYDSL_4_3_1
QUERYDSL_4_4_0
QUERYDSL_5_0_0
QUERYDSL_5_0_0_M1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49203.json"

Git / github.com/querydsl/querydsl

Affected ranges

Type
GIT
Repo
https://github.com/querydsl/querydsl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

Other
QUERDSL_2_7_3
QUERYDSL_2_2_1
QUERYDSL_2_2_2
QUERYDSL_2_2_4
QUERYDSL_2_2_5
QUERYDSL_2_3_0
QUERYDSL_2_3_1
QUERYDSL_2_3_2
QUERYDSL_2_3_3
QUERYDSL_2_5_0
QUERYDSL_2_6_0
QUERYDSL_2_7_0
QUERYDSL_2_7_1
QUERYDSL_2_7_2
QUERYDSL_2_8_0
QUERYDSL_2_8_1
QUERYDSL_2_8_2
QUERYDSL_2_9_0
QUERYDSL_3_0_0
QUERYDSL_3_0_0_BETA1
QUERYDSL_3_0_0_BETA2
QUERYDSL_3_1_0
QUERYDSL_3_1_1
QUERYDSL_3_2_0
QUERYDSL_3_2_1
QUERYDSL_3_2_2
QUERYDSL_3_3_0
QUERYDSL_3_3_0_BETA1
QUERYDSL_3_3_1
QUERYDSL_3_3_2
QUERYDSL_3_3_3
QUERYDSL_3_3_4
QUERYDSL_3_4_0
QUERYDSL_3_4_1
QUERYDSL_3_4_2
QUERYDSL_3_4_3
QUERYDSL_3_5_0
QUERYDSL_3_5_1
QUERYDSL_3_6_0
QUERYDSL_4_0_0
QUERYDSL_4_0_1
QUERYDSL_4_0_2
QUERYDSL_4_0_3
QUERYDSL_4_0_4
QUERYDSL_4_0_5
QUERYDSL_4_0_6
QUERYDSL_4_0_7
QUERYDSL_4_0_8
QUERYDSL_4_0_9
QUERYDSL_4_1_0
QUERYDSL_4_1_1
QUERYDSL_4_1_2
QUERYDSL_4_1_3
QUERYDSL_4_1_4
QUERYDSL_4_2_0
QUERYDSL_4_2_1
QUERYDSL_4_3_0
QUERYDSL_4_3_1
QUERYDSL_4_4_0
QUERYDSL_5_0_0
QUERYDSL_5_0_0_M1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49203.json"