Example of a vulnerable application generated with Jhipster 7.7.0. Sample code for teaching purposes.
CVE-2022-24815 [] Currently, SQL injection is possible in the findAllBy(Pageable pageable, Criteria criteria) method of an entity repository class generated in these applications as the where clause using Criteria for queries are not sanitized and user input is passed on as it is by the criteria [] Content of the directory TL;DR The CVE Details Opened issue and pull