blob: 8124acd2ade794030564a678780c13d2326511d2 [file] [log] [blame]
id: GO-2023-1295
modules:
- module: github.com/square/squalor
versions:
- fixed: 0.0.0-20200306154055-f6f0a47cc344
vulnerable_at: 0.0.0-20190215211619-afa27bf1201c
packages:
- package: github.com/square/squalor
symbols:
- quoteName
- Table.loadColumns
- Table.loadKeys
derived_symbols:
- AliasedTableExpr.Serialize
- AndExpr.Serialize
- BinaryExpr.Serialize
- ColName.Serialize
- Columns.Serialize
- ComparisonExpr.Serialize
- DB.BindModel
- DB.Delete
- DB.DeleteContext
- DB.Exec
- DB.ExecContext
- DB.Get
- DB.GetContext
- DB.Insert
- DB.InsertContext
- DB.InsertIgnore
- DB.InsertIgnoreContext
- DB.MustBindModel
- DB.Query
- DB.QueryContext
- DB.QueryRow
- DB.QueryRowContext
- DB.Replace
- DB.ReplaceContext
- DB.Select
- DB.SelectContext
- DB.Update
- DB.UpdateContext
- DB.Upsert
- DB.UpsertContext
- Delete.Serialize
- FuncExpr.Serialize
- GroupBy.Serialize
- Insert.Serialize
- JoinTableExpr.Serialize
- Limit.Serialize
- LoadTable
- NonStarExpr.Serialize
- NotExpr.Serialize
- NullCheck.Serialize
- OnDup.Serialize
- OnJoinCond.Serialize
- OrExpr.Serialize
- Order.Serialize
- OrderBy.Serialize
- ParenBoolExpr.Serialize
- RangeCond.Serialize
- Select.Serialize
- SelectExprs.Serialize
- Serialize
- StandardLogger.Log
- StarExpr.Serialize
- TableExprs.Serialize
- TableName.Serialize
- TableNames.Serialize
- Tx.Delete
- Tx.DeleteContext
- Tx.Exec
- Tx.ExecContext
- Tx.Get
- Tx.GetContext
- Tx.Insert
- Tx.InsertContext
- Tx.InsertIgnore
- Tx.InsertIgnoreContext
- Tx.Query
- Tx.QueryContext
- Tx.QueryRow
- Tx.QueryRowContext
- Tx.Replace
- Tx.ReplaceContext
- Tx.Select
- Tx.SelectContext
- Tx.Update
- Tx.UpdateContext
- Tx.Upsert
- Tx.UpsertContext
- Update.Serialize
- UpdateExpr.Serialize
- UpdateExprs.Serialize
- UsingJoinCond.Serialize
- ValExprs.Serialize
- ValTuple.Serialize
- Values.Serialize
- Where.Serialize
summary: SQL injection in github.com/square/squalor
description: There is a potential for SQL injection in the table name parameter.
cves:
- CVE-2020-36645
ghsas:
- GHSA-3hc7-2xcc-7p8f
references:
- report: https://github.com/square/squalor/pull/76
- fix: https://github.com/square/squalor/pull/76/commits/033350b8596b397c6cefa066b1f2c83d35fc8c4a