CVE-2023-7333

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-7333

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7333.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-7333

Aliases

GHSA-p3jp-7gj7-h6pr

Published

2026-01-07T23:15:42.707Z

Modified

2026-03-15T22:48:06.673328Z

Severity

4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.

References

Affected packages

Git / github.com/bluelabsio/records-mover

Affected ranges

Type: GIT
Repo: https://github.com/bluelabsio/records-mover
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa

Type: GIT
Repo: https://github.com/bluelabsio/records-mover
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5c8621a48ff8def1aaca1c53189d6c3521219606

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.3.2

v0.4.0

v0.4.1

v0.5.0

v0.6.0

v0.6.1

v0.7.0

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7333.json"