Description
SQL injection when using MySQL/PostgreSQL data checking
An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0; users should upgrade to this version.
The vulnerability was discovered by the Oxeye research team.
References
- https://github.com/megaease/easeprobe/security/advisories/GHSA-4c32-w6c7-77x4
- https://nvd.nist.gov/vuln/detail/CVE-2023-33967
- https://github.com/megaease/easeprobe/pull/330
- https://github.com/megaease/easeprobe/commit/caaf5860df2aaa76acd29bc40ec9a578d0b1d6e1
- https://github.com/megaease/easeprobe/releases/tag/v2.1.0
Packages
Name: github.com/megaease/easeprobe (go)
Affected versions: < 2.1.0
Fixed version: 2.1.0
Related vulnerabilities
CVSS3: 8.2
nvd
more than 2 years ago
EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0.
CVSS3: 8.2
fstec
almost 3 years ago
A vulnerability in the EaseProbe health/status checking tool, related to a failure to take measures to protect the structure of an SQL query, which allows an attacker to execute arbitrary SQL code