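The table name parameter in github.com/square/squalor is potentially open to SQL injection (GO-2023-1295). Code that reaches any of the symbols listed below should take table names only from constants or a fixed allowlist, never from untrusted input.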
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-1295" }
{ "imports": [ { "path": "github.com/square/squalor", "symbols": [ "AliasedTableExpr.Serialize", "AndExpr.Serialize", "BinaryExpr.Serialize", "ColName.Serialize", "Columns.Serialize", "ComparisonExpr.Serialize", "DB.BindModel", "DB.Delete", "DB.DeleteContext", "DB.Exec", "DB.ExecContext", "DB.Get", "DB.GetContext", "DB.Insert", "DB.InsertContext", "DB.InsertIgnore", "DB.InsertIgnoreContext", "DB.MustBindModel", "DB.Query", "DB.QueryContext", "DB.QueryRow", "DB.QueryRowContext", "DB.Replace", "DB.ReplaceContext", "DB.Select", "DB.SelectContext", "DB.Update", "DB.UpdateContext", "DB.Upsert", "DB.UpsertContext", "Delete.Serialize", "FuncExpr.Serialize", "GroupBy.Serialize", "Insert.Serialize", "JoinTableExpr.Serialize", "Limit.Serialize", "LoadTable", "NonStarExpr.Serialize", "NotExpr.Serialize", "NullCheck.Serialize", "OnDup.Serialize", "OnJoinCond.Serialize", "OrExpr.Serialize", "Order.Serialize", "OrderBy.Serialize", "ParenBoolExpr.Serialize", "RangeCond.Serialize", "Select.Serialize", "SelectExprs.Serialize", "Serialize", "StandardLogger.Log", "StarExpr.Serialize", "Table.loadColumns", "Table.loadKeys", "TableExprs.Serialize", "TableName.Serialize", "TableNames.Serialize", "Tx.Delete", "Tx.DeleteContext", "Tx.Exec", "Tx.ExecContext", "Tx.Get", "Tx.GetContext", "Tx.Insert", "Tx.InsertContext", "Tx.InsertIgnore", "Tx.InsertIgnoreContext", "Tx.Query", "Tx.QueryContext", "Tx.QueryRow", "Tx.QueryRowContext", "Tx.Replace", "Tx.ReplaceContext", "Tx.Select", "Tx.SelectContext", "Tx.Update", "Tx.UpdateContext", "Tx.Upsert", "Tx.UpsertContext", "Update.Serialize", "UpdateExpr.Serialize", "UpdateExprs.Serialize", "UsingJoinCond.Serialize", "ValExprs.Serialize", "ValTuple.Serialize", "Values.Serialize", "Where.Serialize", "quoteName" ] } ] }