[org.odata4j:odata4j-dist] SQL Injection in odata4j

odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.

References

• https://nvd.nist.gov/vuln/detail/CVE-2016-11024
• https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ
• https://github.com/advisories/GHSA-f96g-24cg-f24w