blob: 86c4b3a8c831149c71c969cdc5e79c30033cd77e [file] [log] [blame]
id: GO-2023-2162
modules:
- module: github.com/flyteorg/flyteadmin
versions:
- fixed: 1.1.124
vulnerable_at: 1.1.123
packages:
- package: github.com/flyteorg/flyteadmin/pkg/common
symbols:
- NewSortParameter
summary: SQL Injection in List Endpoints in github.com/flyteorg/flyteadmin
description: |-
A malicious user can send a REST request to a List endpoint with filters that
contain custom SQL statements. This can result in SQL injection.
cves:
- CVE-2023-41891
ghsas:
- GHSA-r847-6w6h-r8g4
credits:
- '@Sanjana-Sarda'
references:
- fix: https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd
review_status: REVIEWED