GO-2023-1295

Source
https://pkg.go.dev/vuln/GO-2023-1295
Import Source
https://vuln.go.dev/ID/GO-2023-1295.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2023-1295
Aliases
Published
2023-02-01T23:19:27Z
Modified
2024-05-20T16:03:47Z
Summary
SQL injection in github.com/square/squalor
Details

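There is a potential for SQL injection through the table name parameter: if a table name is derived from untrusted input, it can change the SQL statement the library generates. Callers should upgrade to the fixed version listed under "Affected ranges" and take table names from a fixed allow-list rather than from request data.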

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2023-1295"
}
References

Affected packages

Go / github.com/square/squalor

Package

Name
github.com/square/squalor
Purl
pkg:golang/github.com/square/squalor

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all versions before the fix are affected)
Fixed
0.0.0-20200306154055-f6f0a47cc344

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/square/squalor",
            "symbols": [
                "AliasedTableExpr.Serialize",
                "AndExpr.Serialize",
                "BinaryExpr.Serialize",
                "ColName.Serialize",
                "Columns.Serialize",
                "ComparisonExpr.Serialize",
                "DB.BindModel",
                "DB.Delete",
                "DB.DeleteContext",
                "DB.Exec",
                "DB.ExecContext",
                "DB.Get",
                "DB.GetContext",
                "DB.Insert",
                "DB.InsertContext",
                "DB.InsertIgnore",
                "DB.InsertIgnoreContext",
                "DB.MustBindModel",
                "DB.Query",
                "DB.QueryContext",
                "DB.QueryRow",
                "DB.QueryRowContext",
                "DB.Replace",
                "DB.ReplaceContext",
                "DB.Select",
                "DB.SelectContext",
                "DB.Update",
                "DB.UpdateContext",
                "DB.Upsert",
                "DB.UpsertContext",
                "Delete.Serialize",
                "FuncExpr.Serialize",
                "GroupBy.Serialize",
                "Insert.Serialize",
                "JoinTableExpr.Serialize",
                "Limit.Serialize",
                "LoadTable",
                "NonStarExpr.Serialize",
                "NotExpr.Serialize",
                "NullCheck.Serialize",
                "OnDup.Serialize",
                "OnJoinCond.Serialize",
                "OrExpr.Serialize",
                "Order.Serialize",
                "OrderBy.Serialize",
                "ParenBoolExpr.Serialize",
                "RangeCond.Serialize",
                "Select.Serialize",
                "SelectExprs.Serialize",
                "Serialize",
                "StandardLogger.Log",
                "StarExpr.Serialize",
                "Table.loadColumns",
                "Table.loadKeys",
                "TableExprs.Serialize",
                "TableName.Serialize",
                "TableNames.Serialize",
                "Tx.Delete",
                "Tx.DeleteContext",
                "Tx.Exec",
                "Tx.ExecContext",
                "Tx.Get",
                "Tx.GetContext",
                "Tx.Insert",
                "Tx.InsertContext",
                "Tx.InsertIgnore",
                "Tx.InsertIgnoreContext",
                "Tx.Query",
                "Tx.QueryContext",
                "Tx.QueryRow",
                "Tx.QueryRowContext",
                "Tx.Replace",
                "Tx.ReplaceContext",
                "Tx.Select",
                "Tx.SelectContext",
                "Tx.Update",
                "Tx.UpdateContext",
                "Tx.Upsert",
                "Tx.UpsertContext",
                "Update.Serialize",
                "UpdateExpr.Serialize",
                "UpdateExprs.Serialize",
                "UsingJoinCond.Serialize",
                "ValExprs.Serialize",
                "ValTuple.Serialize",
                "Values.Serialize",
                "Where.Serialize",
                "quoteName"
            ]
        }
    ]
}