Описание
SeaweedFS Vulnerable to SQL Injection
seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-40120
- https://github.com/seaweedfs/seaweedfs/issues/5710
- https://github.com/seaweedfs/seaweedfs/commit/9ac1023362000f6e8e58c9d278653f5926a0d90e
- https://gist.github.com/sud0why/1b2115c1d644bd3db1c1b3f16684a78c
- https://github.com/seaweedfs/seaweedfs/releases/tag/3.69
Пакеты
Наименование
github.com/seaweedfs/seaweedfs
go
Затронутые версииВерсия исправления
< 0.0.0-20240625155419-9ac102336200
0.0.0-20240625155419-9ac102336200
Связанные уязвимости
CVSS3: 6.5
nvd
9 месяцев назад
seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.