Description
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
Remediation
References
https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ
Related Vulnerabilities
CVE-2021-29459 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web
CVE-2013-4317 Vulnerability in maven package org.apache.cloudstack:cloudstack
CVE-2021-23359 Vulnerability in npm package port-killer
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-flink-table
CVE-2018-11796 Vulnerability in maven package org.apache.tika:tika-core