HikariCP helps applications communicate with databases. It accepts the connectionTestQuery configuration which defines the query that will be executed just before a connection is given to you from the pool to validate that the connection to the database is still alive. The matching Spring Boot environment variable is spring.datasource.hikari.connection-test-query. Whenever a new database connection is created, the value of spring.datasource.hikari.connection-test-query will be executed as an SQL query first. New database connections can be triggered in two ways. It can achieve this by restarting the app with a request to POST /actuator/restart or alteration of database connection and starting it by making multiple requests to the application.
Mitigation / Precaution
- In order to patch this vulnerability, please install the official patch made available for supported, vulnerable instances.
