GHSA-q97m-8853-pq76
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q97m-8853-pq76
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-q97m-8853-pq76/GHSA-q97m-8853-pq76.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q97m-8853-pq76
- Aliases
-
- CVE-2024-40120
- Published
- 2025-05-16T15:31:02Z
- Modified
- 2025-05-16T22:27:12.408936Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- SeaweedFS Vulnerable to SQL Injection
- Details
-
seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstractsql/abstractsql_store.go.
- Database specific
{ "nvd_published_at": "2025-05-16T13:15:51Z", "cwe_ids": [ "CWE-89" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-05-16T21:59:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-40120
- https://github.com/seaweedfs/seaweedfs/issues/5710
- https://github.com/seaweedfs/seaweedfs/commit/9ac1023362000f6e8e58c9d278653f5926a0d90e
- https://gist.github.com/sud0why/1b2115c1d644bd3db1c1b3f16684a78c
- https://github.com/seaweedfs/seaweedfs
- https://github.com/seaweedfs/seaweedfs/releases/tag/3.69
Affected packages
Go / github.com/seaweedfs/seaweedfs
Package
- Name
- github.com/seaweedfs/seaweedfs
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/seaweedfs/seaweedfs