SQL injection in strings and column names

Description

ColumnFilter.value doesn't escape single quotes.

ColumnFilter.key and OrderingCriterion.key pass double quotes to the database without escaping.

This results in SQL injection.
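Added worked example (not part of this ticket and not the project's code): the ticket names `ColumnFilter.value`, `ColumnFilter.key` and `OrderingCriterion.key` but shows no source, so the builders below are an assumption of how such a filter is assembled. `build_query_unsafe` reproduces the reported defect (key and value concatenated into the SQL text), `build_query_safe` shows the fix: identifiers checked against an allowlist and quoted with embedded double quotes doubled, the value bound as a parameter. The `items` table and its rows are constructed for the demo; the name `O'Brien` is a legitimate value that already breaks the unsafe form.

```python
import sqlite3

# Constructed demo schema; the columns a caller may filter or sort on.
# Assumed helper names (quote_identifier, build_query_*) are not from the project.
ALLOWED_COLUMNS = {"id", "name", "status"}


def quote_identifier(name: str) -> str:
    """Quote a column name as a SQL identifier, doubling any embedded double quote.

    This is the escaping the ticket says ColumnFilter.key and OrderingCriterion.key
    are missing. build_query_safe applies the allowlist first, so in practice this
    only sees known names; the doubling is defence in depth.
    """
    return '"' + name.replace('"', '""') + '"'


def build_query_unsafe(filter_key: str, filter_value: str, order_key: str):
    """The pattern the ticket describes: key and value concatenated into the SQL text.

    Kept only to show the failure mode: a value containing a single quote breaks
    the statement, and a key containing a double quote escapes the identifier.
    """
    sql = (
        f'SELECT id, name, status FROM items WHERE "{filter_key}" = \'{filter_value}\' '
        f'ORDER BY "{order_key}"'
    )
    return sql, ()


def build_query_safe(filter_key: str, filter_value: str, order_key: str):
    """Hardened form: identifiers allowlisted and quoted, value bound as a parameter."""
    for key in (filter_key, order_key):
        if key not in ALLOWED_COLUMNS:
            raise ValueError(f"unknown column: {key!r}")
    sql = (
        f"SELECT id, name, status FROM items WHERE {quote_identifier(filter_key)} = ? "
        f"ORDER BY {quote_identifier(order_key)}"
    )
    return sql, (filter_value,)


def demo_db() -> sqlite3.Connection:
    """In-memory table with constructed rows, including a name with an apostrophe."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO items (name, status) VALUES (?, ?)",
        [("O'Brien", "open"), ("Smith", "closed"), ("Jones", "open")],
    )
    return conn


def run_filter(builder, filter_key: str, filter_value: str, order_key: str):
    """Build the query with the given builder and run it against the demo table."""
    conn = demo_db()
    sql, params = builder(filter_key, filter_value, order_key)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    print(run_filter(build_query_safe, "name", "O'Brien", "id"))
    try:
        run_filter(build_query_unsafe, "name", "O'Brien", "id")
    except sqlite3.OperationalError as exc:
        print("unsafe builder failed on a legitimate value:", exc)
```

The allowlist is the primary control for identifiers: quoting alone would let a caller sort by any column that exists, which is usually an information-disclosure problem of its own. Parameter binding, not escaping, is the fix for the value.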

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Details

Development Team: Thor
RCA Group: TBD
Created September 5, 2022 at 8:06 PM
Updated October 7, 2022 at 7:22 PM
Resolved September 12, 2022 at 4:52 PM