Details
Assignee
Julian LadischJulian LadischReporter
Julian LadischJulian LadischLabels
Priority
P2Development Team
VolarisRCA Group
Implementation coding issueTestRail: Cases
Open TestRail: CasesTestRail: Runs
Open TestRail: Runs
Details
Details
Assignee
Julian Ladisch
Julian Ladisch
Reporter
Julian Ladisch
Julian LadischLabels
Priority
P2Development Team
Volaris
RCA Group
Implementation coding issue
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs
Created March 12, 2025 at 9:52 AM
Updated March 12, 2025 at 9:54 AM
https://github.com/folio-org/folio-custom-fields/blob/626b37e/src/main/java/org/folio/repository/CustomFieldsConstants.java#L16 provides
If used it allows for SQL injection attacks. The attacker can use a single quote to gain SQL access.
Solution: Remove.