GHSA-mr6h-chqp-p9g2

Source

https://github.com/advisories/GHSA-mr6h-chqp-p9g2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-mr6h-chqp-p9g2/GHSA-mr6h-chqp-p9g2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mr6h-chqp-p9g2

Aliases

CVE-2014-8681
GO-2020-0021

Published

2021-06-29T18:32:44Z

Modified

2023-11-08T03:57:45.844565Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS Calculator

Summary

SQL Injection in gogs.io/gogs

Details

SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-89"
    ],
    "github_reviewed_at": "2021-05-19T21:47:51Z",
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

Go / gogs.io/gogs

Package

Name: gogs.io/gogs; View open source insights on deps.dev
Purl: pkg:golang/gogs.io/gogs

Affected ranges

Type: SEMVER
Events: Introduced

0.3.1

Fixed

0.5.8

Go / github.com/gogits/gogs

Package

Name: github.com/gogits/gogs; View open source insights on deps.dev
Purl: pkg:golang/github.com/gogits/gogs

Affected ranges

Type: SEMVER
Events: Introduced

0.3.1

Fixed

0.5.8