data/reports/GO-2023-1494.yaml - vulndb - Git at Google

 id: GO-2023-1494
 modules:
     - module: github.com/elgs/gosqljson
       versions:
         - fixed: 0.0.0-20220916234230-750f26ee23c7
       vulnerable_at: 0.0.0-20140902115517-fa34a82f9316
       packages:
         - package: github.com/elgs/gosqljson
           symbols:
             - ExecDb
             - QueryDbToArray
             - QueryDbToMap
           derived_symbols:
             - QueryDbToArrayJson
             - QueryDbToMapJson
 summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: There is a potential for SQL injection through manipulation of the sqlStatement argument.
 cves:
     - CVE-2014-125064
 ghsas:
     - GHSA-g7mw-9pf9-p2pm
 references:
     - fix: https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a
	id: GO-2023-1494
	modules:
	- module: github.com/elgs/gosqljson
	versions:
	- fixed: 0.0.0-20220916234230-750f26ee23c7
	vulnerable_at: 0.0.0-20140902115517-fa34a82f9316
	packages:
	- package: github.com/elgs/gosqljson
	symbols:
	- ExecDb
	- QueryDbToArray
	- QueryDbToMap
	derived_symbols:
	- QueryDbToArrayJson
	- QueryDbToMapJson
	summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
	description: There is a potential for SQL injection through manipulation of the sqlStatement argument.
	cves:
	- CVE-2014-125064
	ghsas:
	- GHSA-g7mw-9pf9-p2pm
	references:
	- fix: https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a