Sanitize untrusted text before using in Hibernate
Escape untrusted text so a malicious user is unable to trigger remote code execution exploits by sending special text within the JSON body.
Hibernate Validator interpolates text surrounded by ${} as a Java Expression Language (EL) expression, which can execute arbitrary Java. Untrusted data must therefore be escaped so that such values are not interpolated during the call to ConstraintValidatorContext.buildConstraintViolationWithTemplate().
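The following is an added example, not code from the linked issue or the OSDU project. It shows a custom constraint validator that builds its violation message from a request-supplied value: the commented-out line is the vulnerable pattern (the raw value becomes part of the template, so any ${...} in it is evaluated as EL), and the live line escapes the value first. The escaping follows the message-interpolation rule documented by Hibernate Validator, where a literal {, }, $ or \ is written with a preceding backslash; the interpolator strips those backslashes again, so the rendered message still shows the original text. The @AllowedRegion annotation, the allowed-value set and the javax.validation package (rather than jakarta.validation) are assumptions made for this example.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Set;

import javax.validation.Constraint;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import javax.validation.Payload;

// Hypothetical constraint, defined here only so the example is self-contained.
@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
@Constraint(validatedBy = AllowedRegionValidator.class)
@interface AllowedRegion {
    String message() default "invalid region";
    Class<?>[] groups() default {};
    Class<? extends Payload>[] payload() default {};
}

public class AllowedRegionValidator implements ConstraintValidator<AllowedRegion, String> {

    // Constructed allow-list; a real validator would load this from configuration.
    private static final Set<String> ALLOWED = Set.of("us-east", "us-west", "eu-central");

    /**
     * Escapes the characters that Hibernate Validator's message interpolator treats
     * specially ({, }, $ and the escape character \ itself) so that untrusted text is
     * rendered literally instead of being parsed as a parameter or EL expression.
     */
    public static String escapeForTemplate(String untrusted) {
        if (untrusted == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(untrusted.length() + 8);
        for (char c : untrusted.toCharArray()) {
            switch (c) {
                case '\\':
                case '{':
                case '}':
                case '$':
                    sb.append('\\');
                    // fall through: emit the character itself after the escape
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    @Override
    public boolean isValid(String value, ConstraintValidatorContext ctx) {
        if (value == null || ALLOWED.contains(value)) {
            return true;
        }
        ctx.disableDefaultConstraintViolation();

        // VULNERABLE: the request value is concatenated into the template unescaped,
        // so a "${...}" sequence inside it would be evaluated as Expression Language.
        // ctx.buildConstraintViolationWithTemplate("Unknown region: " + value)
        //    .addConstraintViolation();

        // SAFE: escape the value before it reaches the template.
        ctx.buildConstraintViolationWithTemplate("Unknown region: " + escapeForTemplate(value))
           .addConstraintViolation();
        return false;
    }
}
```

Every call site that passes request-derived text to buildConstraintViolationWithTemplate() needs the same treatment; a quick way to audit a code base is to grep for that method name and check whether each template argument contains a variable that originates from the JSON body.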
Linked GitLab issue: https://community.opengroup.org/osdu/platform/system/home/-/issues/90
Edited by Chris Zhang