Threat and Vulnerability Intelligence Database

Description:

Summary
The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repository (https://github.com/querydsl/querydsl) where it was assigned preliminary CVE identifier CVE-2024-49203.

Details
Vulnerable code may look as follows:

    @GetMapping
    public List<Test> getProducts(@RequestParam("orderBy") String orderBy) {
        JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test);
        PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test");
        OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.get(orderBy));
        JPAQuery<Test> orderedQuery = query.orderBy(order);
        return orderedQuery.fetch();
    }

Where vulnerability is either caused by pathBuilder.get(orderBy) or the orderBy(order) method itself, based on where the security checks are expected.

PoC
Full POC code is available in repository: https://github.com/CSIRTTrizna/CVE-2024-49203/
When we take a look at source code shown in Details section the functionality is as follows:
Create JPAQuery object instance: JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test);
Create OrderSpecifier object instance: PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test"); OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.ge...
Source: Github Advisory Database (Maven)
November 27th, 2024 (5 months ago)
Description:

Impact
Timing attacks on Galois Field multiplications in this package. Successful exploitation would effectively allow a downgrade of the security guarantees of the XTS mode to the security guarantees of ECB mode, allowing block swapping, enabling identification of identical blocks, and rendering half of the XTS key obsolete. Timing attacks require specific conditions to be exploitable.

Patches
Patched in 2024.11.26

Workarounds
Upgrade the package

References
https://en.wikipedia.org/wiki/Timing_attack
https://github.com/Devolutions/XTS.NET/security/advisories/GHSA-j6vm-4r7g-x4gr
https://nvd.nist.gov/vuln/detail/CVE-2024-11862
https://github.com/Devolutions/XTS.NET/commit/fb349d5bfb587218e8603b38ea37f03f036b57fd
https://github.com/advisories/GHSA-j6vm-4r7g-x4gr
Source: Github Advisory Database (Nuget)
November 27th, 2024 (5 months ago)
Description: Just like Russia's Doppelgänger effort, the goal is to spread misinformation about Ukraine and Western efforts to help Ukraine in its war with Russia.
Source: Dark Reading
November 27th, 2024 (5 months ago)
Description: A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.
Source: Dark Reading
November 27th, 2024 (5 months ago)
Description: The first UEFI bootkit specifically targeting Linux systems has been discovered, marking a shift in stealthy and hard-to-remove bootkit threats that previously focused on Windows. [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)
Description: T-Mobile says the Chinese "Salt Typhoon" hackers who recently compromised its systems as part of a series of telecom breaches first hacked into some of its routers to explore ways to navigate laterally through the network.  [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)
Description: A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024,
Source: TheHackerNews
November 27th, 2024 (5 months ago)