Описание
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-gopkg-pg.v5 | removed | package | ||
| golang-gopkg-pg.v5 | no-dsa | trixie | package | |
| golang-gopkg-pg.v5 | no-dsa | bookworm | package | |
| golang-gopkg-pg.v5 | postponed | bullseye | package |
Примечания
https://github.com/advisories/GHSA-6xp3-p59p-q4fj
Fixed by: https://github.com/go-pg/pg/commit/eff50a43724e52347559687a6945c116afbb41c1 (v10.15.0)
Связанные уязвимости
CVSS3: 6.5
ubuntu
8 месяцев назад
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.
CVSS3: 6.5
nvd
8 месяцев назад
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.
CVSS3: 6.5
github
8 месяцев назад
go-pg SQL injection vulnerability via the component /types/append_value.go