CVE-2022-4963

Name of the Vulnerable Software and Affected Versions Folio Spring Module Core versions prior to 2.0.0

Description A critical issue was found in the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection.

Recommendations For Folio Spring Module Core versions prior to 2.0.0, upgrade to version 2.0.0 to address this issue. As a temporary workaround, consider disabling the dropSchema function until the patch is applied. Restrict access to the Schema Name Handler component to minimize the risk of exploitation.