Sort instances passed to user-defined Spring Data repository query methods that use manually declared JPQL queries are handed to the persistence provider as is. This allows attackers to inject arbitrary JPQL into ORDER BY clauses, which they might use to draw conclusions about non-exposed fields, because the order of the elements in the query result changes depending on the injected JPQL. This especially comes into play if the Sort instances are created from untrusted sources, e.g. web request parameters.
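One way to constrain a Sort built from web request parameters before it reaches such a query method is shown below. It is an added example, not part of the original advisory and not its stated mitigation. The class name SortAllowlist, its check method, and the names in the usage comment are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.springframework.data.domain.Sort;

/**
 * Added example (hypothetical helper, not Spring Data's own code).
 * Accepts a Sort only if every order refers to a property on an explicit allowlist.
 */
public final class SortAllowlist {

    private final Set<String> allowedProperties;

    public SortAllowlist(Set<String> allowedProperties) {
        // Defensive copy so the allowlist cannot be changed after construction.
        this.allowedProperties = Collections.unmodifiableSet(new HashSet<String>(allowedProperties));
    }

    /**
     * Returns the given Sort unchanged if all of its properties are allowed.
     * Matching is exact, so anything that is not literally an allowed name
     * (function calls, parentheses, sub-selects, extra whitespace) is rejected.
     */
    public Sort check(Sort sort) {
        if (sort == null) {
            return null; // nothing to validate; the caller decides on a default order
        }
        for (Sort.Order order : sort) {
            if (!allowedProperties.contains(order.getProperty())) {
                // The rejected value is deliberately not echoed back to the client.
                throw new IllegalArgumentException("Sorting by the requested property is not supported");
            }
        }
        return sort;
    }
}

// Usage in a hypothetical controller (userRepository and findByLastname are assumed names):
//
//   private static final SortAllowlist USER_SORTS =
//           new SortAllowlist(new HashSet<String>(java.util.Arrays.asList("lastname", "firstname")));
//
//   List<User> users = userRepository.findByLastname(lastname, USER_SORTS.check(pageable.getSort()));
```

The allowlist should contain only domain object fields and aliases that the JPQL behind the query method actually uses and that the caller is permitted to order by.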
Users of affected versions should apply the following mitigation:
The vulnerability was reported responsibly by Niklas Särökaari from Silverskin Information Security and Joona Immonen, Arto Santala, Antti Virtanen, Michael Holopainen and Antti Ahola from Solita.