Impact
SQL Injection.
The following locations are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements.
These vulnerabilities were uncovered and reported by a CodeQL query from LGTM.com. The query below shows the specific dataflow paths and string concatenations that create the conditions for this vulnerability.
https://lgtm.com/projects/g/OpenClinica/OpenClinica/alerts/?mode=list&tag=security&id=java%2Fsql-injection
A summary of the vulnerabilities can be found below:
- OpenClinica/core/src/main/java/org/akaza/openclinica/dao/core/EntityDAO.java, line 174 in e46944f:
      ps = con.prepareStatement(query);
  Vulnerable parameters: formVersionOID
  Endpoints:
      /rest/auth/api/v1/clinicaldata/json/view/{studyOID}/{studySubjectIdentifier}/{studyEventOID}/{formVersionOID}
      /rest/clinicaldata/json/view/{studyOID}/{studySubjectIdentifier}/{studyEventOID}/{formVersionOID}
      /rest/clinicaldata/xml/view/{studyOID}/{studySubjectIdentifier}/{studyEventOID}/{formVersionOID}
      /rest/metadata/xml/view/{studyOID}/{studyEventDefinitionOId}/{formVersionOID}
      /rest/metadata/json/view/{studyOID}/{studyEventDefinitionOId}/{formVersionOID}
- Vulnerable POST parameters for endpoint rest/auth/api/itemdata: ssOid, sedOid, eventOrdinal, crfOid, in the following locations:
  OpenClinica/core/src/main/java/org/akaza/openclinica/dao/hibernate/EventCrfFlagDao.java, line 22 in e46944f:
      org.hibernate.Query q = getCurrentSession().createQuery(query);
  OpenClinica/core/src/main/java/org/akaza/openclinica/dao/hibernate/ItemDataFlagDao.java, line 25 in e46944f:
      org.hibernate.Query q = getCurrentSession().createQuery(query);
  OpenClinica/core/src/main/java/org/akaza/openclinica/dao/hibernate/ItemDataFlagDao.java, line 34 in e46944f:
      org.hibernate.Query q = getCurrentSession().createQuery(query);
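The flagged lines call prepareStatement(query) and createQuery(query) on text that was already assembled by concatenation, so no value is ever bound. The following is an added example, not OpenClinica code, showing that pattern next to its parameterized form for both JDBC and Hibernate. The class, table, entity and column names (OidQueries, crf_version, oc_oid, EventCrfFlag, studySubjectOid, ordinal) and the integer type of the ordinal are assumptions made for illustration.

```java
import java.sql.*;
import java.util.List;
import org.hibernate.Session;

// Added illustration; crf_version, oc_oid, EventCrfFlag and its fields are
// hypothetical names, not taken from the OpenClinica schema.
public class OidQueries {

    // BEFORE: the statement text already contains the path variable, so
    // prepareStatement() compiles request-controlled SQL. Nothing is bound.
    static boolean versionExistsConcat(Connection con, String formVersionOID) throws SQLException {
        String query = "SELECT 1 FROM crf_version WHERE oc_oid = '" + formVersionOID + "'";
        try (PreparedStatement ps = con.prepareStatement(query);
             ResultSet rs = ps.executeQuery()) {
            return rs.next();
        }
    }

    // AFTER: the text is constant; the value travels as a bind parameter and
    // cannot change the structure of the statement.
    static boolean versionExistsBound(Connection con, String formVersionOID) throws SQLException {
        String query = "SELECT 1 FROM crf_version WHERE oc_oid = ?";
        try (PreparedStatement ps = con.prepareStatement(query)) {
            ps.setString(1, formVersionOID);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // BEFORE (Hibernate): HQL built by concatenation is injectable the same way.
    static List<?> flagsConcat(Session session, String ssOid, String eventOrdinal) {
        String query = "from EventCrfFlag f where f.studySubjectOid = '" + ssOid
                + "' and f.ordinal = " + eventOrdinal;
        org.hibernate.Query q = session.createQuery(query);
        return q.list();
    }

    // AFTER (Hibernate): named parameters. The numeric field is parsed first, so a
    // non-numeric eventOrdinal fails with NumberFormatException before any query runs.
    static List<?> flagsBound(Session session, String ssOid, String eventOrdinal) {
        org.hibernate.Query q = session.createQuery(
                "from EventCrfFlag f where f.studySubjectOid = :ssOid and f.ordinal = :ordinal");
        q.setParameter("ssOid", ssOid);
        q.setParameter("ordinal", Integer.valueOf(eventOrdinal));
        return q.list();
    }
}
```

When reviewing a fix for this class of finding, check that every prepareStatement and createQuery argument is a constant string and that each request value reaches the query only through a setter.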
Patches
b152cc6
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
No
References