[reload4j] SQL injection problem in JDBCAppender

Vladimir Sitnikov sitnikov.vladimir at gmail.com
Wed Jan 19 19:51:14 CET 2022


Here's a PR with what I suggest:
https://github.com/qos-ch/reload4j/pull/26

JdbcPatternParserTest shows how it parses the current pattern into
"text for the prepared statement" and "arguments for it".

I believe it fixes the CVE, and it keeps the code compatible with previous
usages.

Vladimir
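An added illustration of the approach the message describes (this is example code written for this page, not the code from the linked PR or reload4j's JdbcPatternParser): take a JDBCAppender-style SQL pattern, replace every single-quoted literal that contains a %-conversion with a `?` placeholder, and keep the literal's contents as the layout pattern for that parameter. The splitting rule, the class and method names, the toy `render` stand-in for PatternLayout and the hostile log message are all assumptions made for the example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Example code, not reload4j's implementation: split a JDBCAppender-style SQL
// pattern into prepared-statement text plus one layout pattern per bind parameter.
public class JdbcPatternSplitter {

    /** Parse result: SQL with '?' placeholders and the layout pattern rendered for each one. */
    public static final class Parsed {
        public final String sql;
        public final List<String> argPatterns;
        Parsed(String sql, List<String> argPatterns) {
            this.sql = sql;
            this.argPatterns = argPatterns;
        }
    }

    // A single-quoted SQL string literal, allowing the SQL convention of doubled quotes ('').
    private static final Pattern QUOTED = Pattern.compile("'((?:[^']|'')*)'");

    /** Every quoted literal that contains a %-conversion becomes a bind parameter (assumed rule). */
    public static Parsed parse(String sqlPattern) {
        StringBuilder sql = new StringBuilder();
        List<String> args = new ArrayList<>();
        Matcher m = QUOTED.matcher(sqlPattern);
        int last = 0;
        while (m.find()) {
            sql.append(sqlPattern, last, m.start());
            String inner = m.group(1);
            if (inner.indexOf('%') >= 0) {
                sql.append('?');                      // value is bound, never part of the SQL text
                args.add(inner.replace("''", "'"));   // undo SQL quote doubling for the layout
            } else {
                sql.append(m.group());                // constant literal, keep verbatim
            }
            last = m.end();
        }
        sql.append(sqlPattern.substring(last));
        return new Parsed(sql.toString(), args);
    }

    /** Toy stand-in for PatternLayout (assumption): only %m, %c and %p are expanded. */
    public static String render(String layout, String logger, String level, String message) {
        return layout.replace("%c", logger).replace("%p", level).replace("%m", message);
    }

    public static void main(String[] args) {
        String pattern = "INSERT INTO logs (logger, level, message) VALUES ('%c', '%p', '%m')";
        // Constructed hostile log message: the kind of attacker-controlled text that
        // reaches the appender whenever user input is logged.
        String hostile = "x'); DROP TABLE logs; --";

        // Old behaviour: the whole SQL is one layout, so the message lands inside the statement.
        String concatenated = render(pattern, "app.web", "INFO", hostile);
        System.out.println("unsafe: " + concatenated);

        // Proposed behaviour: statement text is fixed at configuration time, values are bound.
        Parsed p = parse(pattern);
        System.out.println("sql:    " + p.sql);
        for (String argPattern : p.argPatterns) {
            // In a real appender this value would go to PreparedStatement.setString(i, ...)
            System.out.println("arg:    " + render(argPattern, "app.web", "INFO", hostile));
        }
    }
}
```

Running `main` prints the concatenated statement with the injected `DROP TABLE` fragment spliced into it, then the fixed text `INSERT INTO logs (logger, level, message) VALUES (?, ?, ?)` followed by the three rendered arguments; with the parsed form the hostile message is only ever a bound string, whatever quotes or semicolons it carries. Patterns that place a conversion outside a quoted literal (for example a numeric column filled from `%r`) are deliberately left in the SQL text by this example and would need a separate rule.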