GHSA-335g-xcjh-ghc2

Source

https://github.com/advisories/GHSA-335g-xcjh-ghc2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-335g-xcjh-ghc2/GHSA-335g-xcjh-ghc2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-335g-xcjh-ghc2

Aliases

CVE-2017-7681

Published

2022-05-17T02:28:11Z

Modified

2023-11-08T03:59:26.586561Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Apache OpenMeetings vulnerable to SQL injection

Details

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. The issue is fixed in version 3.3.0.

Database specific

{
    "nvd_published_at": "2017-07-17T13:18:00Z",
    "github_reviewed_at": "2022-11-22T18:57:00Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ]
}

References

Affected packages

Maven / org.apache.openmeetings:openmeetings-parent

Package

Name: org.apache.openmeetings:openmeetings-parent; View open source insights on deps.dev
Purl: pkg:maven/org.apache.openmeetings/openmeetings-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

3.3.0

Affected versions

3.*

3.1.2

3.1.3

3.1.4

3.1.5

3.2.0

3.2.1