GHSA-p3jp-7gj7-h6pr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p3jp-7gj7-h6pr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-p3jp-7gj7-h6pr/GHSA-p3jp-7gj7-h6pr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-p3jp-7gj7-h6pr
- Aliases
- Published
- 2026-01-08T00:31:14Z
- Modified
- 2026-02-03T03:15:55.181550Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- records-mover Injection vulnerability
- Details
-
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. Developers should upgrade the affected component.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2026-01-08T20:41:13Z", "severity": "MODERATE", "nvd_published_at": "2026-01-07T23:15:42Z", "cwe_ids": [ "CWE-74" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-7333
- https://github.com/bluelabsio/records-mover/pull/254
- https://github.com/bluelabsio/records-mover/commit/3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa
- https://github.com/bluelabsio/records-mover
- https://github.com/bluelabsio/records-mover/releases/tag/v1.6.0
- https://vuldb.com/?ctiid.339566
- https://vuldb.com/?id.339566
Affected packages
PyPI / records-mover
Package
- Name
- records-mover
- View open source insights on deps.dev
- Purl
- pkg:pypi/records-mover
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.0