GO-2023-1494

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2023-1494

Import Source

https://vuln.go.dev/ID/GO-2023-1494.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2023-1494

Aliases

CVE-2014-125064
GHSA-g7mw-9pf9-p2pm

Published

2023-02-01T23:23:34Z

Modified

2024-05-20T16:03:47Z

Summary

SQL injection in github.com/elgs/gosqljson

Details

There is a potential for SQL injection through manipulation of the sqlStatement argument.

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2023-1494",
    "review_status": "REVIEWED"
}

References

https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a

Affected packages

Go / github.com/elgs/gosqljson

Package

Name: github.com/elgs/gosqljson; View open source insights on deps.dev
Purl: pkg:golang/github.com/elgs/gosqljson

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.0-20220916234230-750f26ee23c7

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "ExecDb",
                "QueryDbToArray",
                "QueryDbToArrayJson",
                "QueryDbToMap",
                "QueryDbToMapJson"
            ],
            "path": "github.com/elgs/gosqljson"
        }
    ]
}