codeql/java/old-change-notes/2020-10-27-insecure-bean-validation.md

lgtm,codescanning

• A new query "Insecure Bean Validation" (java/insecure-bean-validation) has been added. This query finds server-side template injections caused by untrusted data flowing from a bean property into a custom error message for a constraint validator. This vulnerability can lead to arbitrary code execution.