CVE-2024-49203 Information

Description

Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.

Reference

https://github.com/querydsl/querydsl/releases/tag/QUERYDSL_5_1_0
https://www.csirt.sk/querydsl-java-library-vulnerability-permits-sql-hql-injection.html
https://github.com/querydsl/querydsl/issues/3757
