CVE-2016-11024: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

May 7, 2021 (updated November 17, 2022)

odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.

References

github.com/advisories/GHSA-f96g-24cg-f24w
groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ
nvd.nist.gov/vuln/detail/CVE-2016-11024

Detect and mitigate CVE-2016-11024 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →