CVE-2022-39303

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-39303

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39303.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39303

Aliases

GHSA-69xv-xjfw-4pv8

Published

2022-10-13T00:00:00Z

Modified

2026-04-02T08:09:34.811566Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Ree6 vulnerable to SQL Injection

Details

Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39303.json",
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/ree6-applications/ree6

Affected ranges

Type: GIT
Repo: https://github.com/ree6-applications/ree6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b5c4358cedcc4f5c6e40c6052741cf60056c58cc

Affected versions

1.*

1.5.1

1.5.2

1.5.3

1.6.0

1.6.3

1.6.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39303.json"