1. Critical SQL Injection Vulnerability Discovered in ExpenseRepository: Unsafe Query Construction Opens Door to Arbitrary Database Commands
A critical SQL injection vulnerability has been flagged in the ExpenseRepository component of the expensetracker-1 project, with severity rated at the highest level. The flaw resides in the findByCategoryUnsafe query method at line 18 of ExpenseRepository.java, where the @Query annotation constructs a native SQL statem...
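The following is an added illustration of the class of flaw this finding describes, not code from the expensetracker-1 project: a Spring Data JPA repository that splices a caller-supplied category into a native SQL string, beside the parameterized form that closes the hole. The `Expense` entity, the `expenses` table and column names, the `jakarta.persistence` package (Spring Boot 3; Spring Boot 2 uses `javax.persistence`), and the exact shape of the unsafe construction are assumptions made for this example, since the page does not reproduce the original method body.

```java
package example;

import java.util.List;

import jakarta.persistence.Entity;
import jakarta.persistence.EntityManager;
import jakarta.persistence.Id;
import jakarta.persistence.PersistenceContext;
import jakarta.persistence.Table;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.stereotype.Repository;

// Minimal entity assumed for this example (not the project's real entity).
@Entity
@Table(name = "expenses")
class Expense {
    @Id
    private Long id;
    private String category;
    private double amount;

    public Long getId() { return id; }
    public String getCategory() { return category; }
    public double getAmount() { return amount; }
}

// VULNERABLE (assumed shape of the flaw): the native SQL text is assembled by string
// concatenation, so whatever the caller passes becomes part of the statement itself.
// A category value such as
//     x' OR '1'='1
// turns the WHERE clause into a tautology and dumps every row; depending on the
// database dialect, UNION or stacked-statement payloads can read or modify other data.
@Repository
class UnsafeExpenseRepositoryImpl {
    @PersistenceContext
    private EntityManager em;

    @SuppressWarnings("unchecked")
    public List<Expense> findByCategoryUnsafe(String category) {
        String sql = "SELECT * FROM expenses WHERE category = '" + category + "'";
        return em.createNativeQuery(sql, Expense.class).getResultList();
    }
}

// HARDENED: the same query with a named bind parameter. The SQL text is fixed at
// compile time and the category value travels to the database as a separate parameter,
// so it cannot alter the structure of the statement, whatever characters it contains.
interface ExpenseRepository extends JpaRepository<Expense, Long> {
    @Query(value = "SELECT * FROM expenses WHERE category = :category", nativeQuery = true)
    List<Expense> findByCategory(@Param("category") String category);
}
```

Two caveats a reviewer would check when applying this fix: bind parameters protect only values, so if a query ever takes a caller-controlled column name, table name or sort direction (for example in an `ORDER BY`), that piece must be validated against a fixed allow-list rather than bound; and the derived-query form `List<Expense> findByCategory(String category)` with no `@Query` at all is equally safe here and removes the hand-written SQL entirely.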