data/osv/GO-2023-1295.json - vulndb - Git at Google

 {
   "schema_version": "1.3.1",
   "id": "GO-2023-1295",
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
   "aliases": [
     "CVE-2020-36645",
     "GHSA-3hc7-2xcc-7p8f"
   ],
   "summary": "SQL injection in github.com/square/squalor",
   "details": "There is a potential for SQL injection in the table name parameter.",
   "affected": [
     {
       "package": {
         "name": "github.com/square/squalor",
         "ecosystem": "Go"
       },
       "ranges": [
         {
           "type": "SEMVER",
           "events": [
             {
               "introduced": "0"
             },
             {
               "fixed": "0.0.0-20200306154055-f6f0a47cc344"
             }
           ]
         }
       ],
       "ecosystem_specific": {
         "imports": [
           {
             "path": "github.com/square/squalor",
             "symbols": [
               "AliasedTableExpr.Serialize",
               "AndExpr.Serialize",
               "BinaryExpr.Serialize",
               "ColName.Serialize",
               "Columns.Serialize",
               "ComparisonExpr.Serialize",
               "DB.BindModel",
               "DB.Delete",
               "DB.DeleteContext",
               "DB.Exec",
               "DB.ExecContext",
               "DB.Get",
               "DB.GetContext",
               "DB.Insert",
               "DB.InsertContext",
               "DB.InsertIgnore",
               "DB.InsertIgnoreContext",
               "DB.MustBindModel",
               "DB.Query",
               "DB.QueryContext",
               "DB.QueryRow",
               "DB.QueryRowContext",
               "DB.Replace",
               "DB.ReplaceContext",
               "DB.Select",
               "DB.SelectContext",
               "DB.Update",
               "DB.UpdateContext",
               "DB.Upsert",
               "DB.UpsertContext",
               "Delete.Serialize",
               "FuncExpr.Serialize",
               "GroupBy.Serialize",
               "Insert.Serialize",
               "JoinTableExpr.Serialize",
               "Limit.Serialize",
               "LoadTable",
               "NonStarExpr.Serialize",
               "NotExpr.Serialize",
               "NullCheck.Serialize",
               "OnDup.Serialize",
               "OnJoinCond.Serialize",
               "OrExpr.Serialize",
               "Order.Serialize",
               "OrderBy.Serialize",
               "ParenBoolExpr.Serialize",
               "RangeCond.Serialize",
               "Select.Serialize",
               "SelectExprs.Serialize",
               "Serialize",
               "StandardLogger.Log",
               "StarExpr.Serialize",
               "Table.loadColumns",
               "Table.loadKeys",
               "TableExprs.Serialize",
               "TableName.Serialize",
               "TableNames.Serialize",
               "Tx.Delete",
               "Tx.DeleteContext",
               "Tx.Exec",
               "Tx.ExecContext",
               "Tx.Get",
               "Tx.GetContext",
               "Tx.Insert",
               "Tx.InsertContext",
               "Tx.InsertIgnore",
               "Tx.InsertIgnoreContext",
               "Tx.Query",
               "Tx.QueryContext",
               "Tx.QueryRow",
               "Tx.QueryRowContext",
               "Tx.Replace",
               "Tx.ReplaceContext",
               "Tx.Select",
               "Tx.SelectContext",
               "Tx.Update",
               "Tx.UpdateContext",
               "Tx.Upsert",
               "Tx.UpsertContext",
               "Update.Serialize",
               "UpdateExpr.Serialize",
               "UpdateExprs.Serialize",
               "UsingJoinCond.Serialize",
               "ValExprs.Serialize",
               "ValTuple.Serialize",
               "Values.Serialize",
               "Where.Serialize",
               "quoteName"
             ]
           }
         ]
       }
     }
   ],
   "references": [
     {
       "type": "REPORT",
       "url": "https://github.com/square/squalor/pull/76"
     },
     {
       "type": "FIX",
       "url": "https://github.com/square/squalor/pull/76/commits/033350b8596b397c6cefa066b1f2c83d35fc8c4a"
     }
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2023-1295",
     "review_status": "REVIEWED"
   }
 }
	{
	"schema_version": "1.3.1",
	"id": "GO-2023-1295",
	"modified": "0001-01-01T00:00:00Z",
	"published": "0001-01-01T00:00:00Z",
	"aliases": [
	"CVE-2020-36645",
	"GHSA-3hc7-2xcc-7p8f"
	],
	"summary": "SQL injection in github.com/square/squalor",
	"details": "There is a potential for SQL injection in the table name parameter.",
	"affected": [
	{
	"package": {
	"name": "github.com/square/squalor",
	"ecosystem": "Go"
	},
	"ranges": [
	{
	"type": "SEMVER",
	"events": [
	{
	"introduced": "0"
	},
	{
	"fixed": "0.0.0-20200306154055-f6f0a47cc344"
	}
	]
	}
	],
	"ecosystem_specific": {
	"imports": [
	{
	"path": "github.com/square/squalor",
	"symbols": [
	"AliasedTableExpr.Serialize",
	"AndExpr.Serialize",
	"BinaryExpr.Serialize",
	"ColName.Serialize",
	"Columns.Serialize",
	"ComparisonExpr.Serialize",
	"DB.BindModel",
	"DB.Delete",
	"DB.DeleteContext",
	"DB.Exec",
	"DB.ExecContext",
	"DB.Get",
	"DB.GetContext",
	"DB.Insert",
	"DB.InsertContext",
	"DB.InsertIgnore",
	"DB.InsertIgnoreContext",
	"DB.MustBindModel",
	"DB.Query",
	"DB.QueryContext",
	"DB.QueryRow",
	"DB.QueryRowContext",
	"DB.Replace",
	"DB.ReplaceContext",
	"DB.Select",
	"DB.SelectContext",
	"DB.Update",
	"DB.UpdateContext",
	"DB.Upsert",
	"DB.UpsertContext",
	"Delete.Serialize",
	"FuncExpr.Serialize",
	"GroupBy.Serialize",
	"Insert.Serialize",
	"JoinTableExpr.Serialize",
	"Limit.Serialize",
	"LoadTable",
	"NonStarExpr.Serialize",
	"NotExpr.Serialize",
	"NullCheck.Serialize",
	"OnDup.Serialize",
	"OnJoinCond.Serialize",
	"OrExpr.Serialize",
	"Order.Serialize",
	"OrderBy.Serialize",
	"ParenBoolExpr.Serialize",
	"RangeCond.Serialize",
	"Select.Serialize",
	"SelectExprs.Serialize",
	"Serialize",
	"StandardLogger.Log",
	"StarExpr.Serialize",
	"Table.loadColumns",
	"Table.loadKeys",
	"TableExprs.Serialize",
	"TableName.Serialize",
	"TableNames.Serialize",
	"Tx.Delete",
	"Tx.DeleteContext",
	"Tx.Exec",
	"Tx.ExecContext",
	"Tx.Get",
	"Tx.GetContext",
	"Tx.Insert",
	"Tx.InsertContext",
	"Tx.InsertIgnore",
	"Tx.InsertIgnoreContext",
	"Tx.Query",
	"Tx.QueryContext",
	"Tx.QueryRow",
	"Tx.QueryRowContext",
	"Tx.Replace",
	"Tx.ReplaceContext",
	"Tx.Select",
	"Tx.SelectContext",
	"Tx.Update",
	"Tx.UpdateContext",
	"Tx.Upsert",
	"Tx.UpsertContext",
	"Update.Serialize",
	"UpdateExpr.Serialize",
	"UpdateExprs.Serialize",
	"UsingJoinCond.Serialize",
	"ValExprs.Serialize",
	"ValTuple.Serialize",
	"Values.Serialize",
	"Where.Serialize",
	"quoteName"
	]
	}
	]
	}
	}
	],
	"references": [
	{
	"type": "REPORT",
	"url": "https://github.com/square/squalor/pull/76"
	},
	{
	"type": "FIX",
	"url": "https://github.com/square/squalor/pull/76/commits/033350b8596b397c6cefa066b1f2c83d35fc8c4a"
	}
	],
	"database_specific": {
	"url": "https://pkg.go.dev/vuln/GO-2023-1295",
	"review_status": "REVIEWED"
	}
	}