GHSA-w4x5-jqq4-qc8x

Source

https://github.com/advisories/GHSA-w4x5-jqq4-qc8x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-w4x5-jqq4-qc8x/GHSA-w4x5-jqq4-qc8x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w4x5-jqq4-qc8x

Aliases

CVE-2019-19026
GHSA-rh89-vvrg-fg64
GO-2022-0883

Published

2021-05-18T18:27:43Z

Modified

2024-08-21T15:58:42.722070Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

SQL Injection in Cloud Native Computing Foundation Harbor

Details

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.

Database specific

{
    "nvd_published_at": "2020-03-20T03:15:00Z",
    "github_reviewed_at": "2021-05-04T22:00:55Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ]
}

References

Affected packages

Go / github.com/goharbor/harbor

Package

Name: github.com/goharbor/harbor; View open source insights on deps.dev
Purl: pkg:golang/github.com/goharbor/harbor

Affected ranges

Type: SEMVER
Events: Introduced

1.7.0

Fixed

1.8.6

Go / github.com/goharbor/harbor

Package

Name: github.com/goharbor/harbor; View open source insights on deps.dev
Purl: pkg:golang/github.com/goharbor/harbor

Affected ranges

Type: SEMVER
Events: Introduced

1.9.0

Fixed

1.9.3