CVE-2023-1612

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-1612
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1612.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-1612
Published
2023-03-23T21:15:19.510Z
Modified
2026-04-10T04:54:24.308077Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223743.

References

Affected packages

Git / github.com/getrebuild/rebuild

Affected ranges

Type
GIT
Repo
https://github.com/getrebuild/rebuild
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
adc3adc64661ff9a5f4c775ef8dbb7bab15ceaf0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.3"
        }
    ]
}

Affected versions

1.*
1.0.0-beta
1.1.0-beta
1.10.0
1.10.1
1.10.2
1.10.3
1.11.0
1.11.1
1.11.2
1.2.0-beta
1.3.0-beta
1.4.0-beta
1.5.0-beta
1.5.1-release
1.6.0
1.6.0-beta
1.6.1-release
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.9.2
2.*
2.0.0
2.0.0-beta2
2.0.1
2.1.0
2.1.0-beta1
2.1.1
2.2.0
2.2.0-beta1
2.2.2
2.2.3
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.5.0
2.5.0-beta1
2.5.0-beta2
2.5.1
2.6.0
2.6.0-beta1
2.6.1
2.6.2
2.7.0
2.7.1
2.7.2
2.7.3
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.2.1
3.2.2
3.2.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1612.json"