Описание
records-mover Injection vulnerability
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. Developers should upgrade the affected component.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-7333
- https://github.com/bluelabsio/records-mover/pull/254
- https://github.com/bluelabsio/records-mover/commit/3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa
- https://github.com/bluelabsio/records-mover/releases/tag/v1.6.0
- https://vuldb.com/?ctiid.339566
- https://vuldb.com/?id.339566
Пакеты
records-mover
< 1.6.0
1.6.0
Связанные уязвимости
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.