CVE-2021-4262

Опубликовано: 19 дек. 2022

Источник: nvd

CVSS3: 5.5

CVSS3: 9.8

EPSS Низкий

Описание

A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271.

Ссылки

https://github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e
Patch
Third Party Advisory
https://github.com/mgallegos/laravel-jqgrid/pull/72
Patch
Third Party Advisory
https://vuldb.com/?id.216271
Third Party Advisory
https://github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e
Patch
Third Party Advisory
https://github.com/mgallegos/laravel-jqgrid/pull/72
Patch
Third Party Advisory
https://vuldb.com/?id.216271
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:laravel_jqgrid_project:laravel_jqgrid:*:*:*:*:*:*:*:*

Версия до 2017-10-09 (исключая)

EPSS

Процентиль: 53%

0.00297

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-707

CWE-89

Связанные уязвимости

GHSA-3fhj-wpvj-x5w8

CVSS3: 9.8

github

около 3 лет назад

laravel-jqgrid vulnerable to SQL Injection

EPSS

Процентиль: 53%

0.00297

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-707

CWE-89