MGASA-2019-0144

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0144.html

Import Source

https://advisories.mageia.org/MGASA-2019-0144.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0144

Upstream

CVE-2018-1002161

Published

2019-04-10T22:07:23Z

Modified

2026-04-16T04:41:30.694460066Z

Summary

Updated koji packages fix security vulnerability

Details

Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection bugs. By passing carefully constructed arguments to these calls, an unauthenticated user can issue arbitrary SQL commands to Koji’s database. This gives the attacker broad ability to manipulate or destroy data (CVE-2018-1002161).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / koji

Package

Name: koji
Purl: pkg:rpm/mageia/koji?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.2-1.mga6

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2019-0144.json"