CVE-2023-2681

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-2681
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2681.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2681
Published
2023-10-03T13:15:09Z
Modified
2024-09-03T04:26:07.001624Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An SQL injection vulnerability has been found in Jorani version 1.0.0. It allows an authenticated remote user with low privileges to send queries containing malicious SQL code to the "/leaves/validate" path through the "id" parameter, and so extract arbitrary information from the database.

References

Affected packages

Git / github.com/bbalet/jorani

Affected ranges

Type
GIT
Repo
https://github.com/bbalet/jorani
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

Prototype1

v0.*

v0.1
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1_alpha
v0.1_beta
v0.2.0
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.5.0
v0.5.1
v0.6.0
v0.6.2
v0.6.3
v0.6.4
v0.6.5

v1.*

v1.0.0