GO-2023-1494

Source

https://pkg.go.dev/vuln/GO-2023-1494

Import Source

https://vuln.go.dev/ID/GO-2023-1494.json

Aliases

CVE-2014-125064
GHSA-g7mw-9pf9-p2pm

Published

2023-02-01T23:23:34Z

Modified

2023-11-08T03:57:34.390027Z

Details

There is a potential for SQL injection through manipulation of the sqlStatement argument.

References

https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a

Affected packages

Go / github.com/elgs/gosqljson

Package

Name: github.com/elgs/gosqljson

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.0.0-20220916234230-750f26ee23c7

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/elgs/gosqljson",
            "symbols": [
                "ExecDb",
                "QueryDbToArray",
                "QueryDbToArrayJson",
                "QueryDbToMap",
                "QueryDbToMapJson"
            ]
        }
    ]
}