odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
References
Link | Resource |
---|---|
https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ | Third Party Advisory |
Configurations
Information
Published : 2020-03-30 13:15
Updated : 2020-03-30 14:21
NVD link : CVE-2016-11024
Mitre link : CVE-2016-11024
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
odata4j_project
- odata4j