Is a select query made by a java driver accessor vulnerable to injection?
Some like
@Query("SELECT * FROM table WHERE id = :id")
Result<Entity> byId(@Param("id") String id);
No, This syntax does not perform string replacement. It actually binds the value into a parameter slot. This means a malicious request would simply be treated as the id within a bound statement.