Alexander Kolbasov created SENTRY-1476:

             Summary: SentryStore is subject to JDQL injection
                 Key: SENTRY-1476
             Project: Sentry
          Issue Type: Bug
          Components: Core
    Affects Versions: 1.7.0, sentry-ha-redesign
            Reporter: Alexander Kolbasov

has a bunch of places where the query is constructed by 
concatenating strings rather than using JDQL parameters. This is subject to 
JDQL injection since some of the parameters come from Thrift.

All strings from Thrift should be passed as parameters, not as string 

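The change the issue asks for, as an added example that is not SentryStore's own code: the same lookup written with a concatenated filter and with a declared parameter, using the standard `javax.jdo` query API. The class `RoleLookup`, the persistent field `roleName` and the parameter `nameParam` are hypothetical names chosen for illustration.

```java
import java.util.List;
import javax.jdo.PersistenceManager;
import javax.jdo.Query;

/** Illustration only: hypothetical helper, not taken from the Sentry code base. */
public final class RoleLookup {

    private RoleLookup() {}

    /**
     * BEFORE: the pattern described in the issue. roleName arrives in a
     * Thrift request and is spliced into the filter text, so a quote
     * character in the value changes the structure of the query itself.
     */
    static List<?> findConcatenated(PersistenceManager pm,
                                    Class<?> candidate,
                                    String roleName) {
        Query query = pm.newQuery(candidate);
        // The filter text differs for every input value.
        query.setFilter("roleName == \"" + roleName + "\"");
        return (List<?>) query.execute();
    }

    /**
     * AFTER: the filter is a constant string and the Thrift-supplied value
     * is bound as a declared parameter. The value is only ever compared
     * against the field; it is never parsed as part of the filter.
     */
    static List<?> findParameterized(PersistenceManager pm,
                                     Class<?> candidate,
                                     String roleName) {
        Query query = pm.newQuery(candidate);
        // Constant filter: identical text for every request.
        query.setFilter("roleName == nameParam");
        // Declare the parameter's type and name, then bind it at execute().
        query.declareParameters("java.lang.String nameParam");
        return (List<?>) query.execute(roleName);
    }
}
```

Both methods assume the caller has an open transaction on `pm` and that `candidate` is a persistence-capable class with a `roleName` field.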