SQL injection in query endpoint of REST API with Oracle

The protections added for XWIKI-22691 seems to theoretically still impact Oracle. At least the example given in https://www.sonarsource.com/blog/exploiting-hibernate-injections/#hql-injection-cheat-sheet does not cause the validator to find the following query unsafe:

select doc.fullName from XWikiDocument doc where NVL(TO_CHAR(DBMS_XMLGEN.getxml('select 1 where 1337>1')),'1')!='1'

Note that I did not yet check if it actually does something in Oracle.