silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector

2024-05-2813:01:48

Google

osv.dev

silverstripe

framework

sql injection

postgresql

database adapter

vulnerability

patched

8.1 High

AI Score

Confidence

Low

JSON

A potential SQL injection vulnerability was identified by using the silverstripe/postgresql database adapter. While unlikely to be exploitable, we have patched silverstripe/framework to ensure that table names are safely escaped before being passed to database adapters or user code.

CPENameOperatorVersion
silverstripe/frameworkeq4.0.5
silverstripe/frameworkeq4.2.1
silverstripe/frameworkeq4.1.2
silverstripe/frameworkeq4.0.0
silverstripe/frameworkeq4.1.0-rc1
silverstripe/frameworkeq4.0.0-rc3
silverstripe/frameworkeq4.1.0
silverstripe/frameworkeq4.0.1
silverstripe/frameworkeq4.1.3
silverstripe/frameworkeq4.0.3

Name	Operator	Version
silverstripe/framework	eq	4.0.5
silverstripe/framework	eq	4.2.1
silverstripe/framework	eq	4.1.2
silverstripe/framework	eq	4.0.0
silverstripe/framework	eq	4.1.0-rc1
silverstripe/framework	eq	4.0.0-rc3
silverstripe/framework	eq	4.1.0
silverstripe/framework	eq	4.0.1
silverstripe/framework	eq	4.1.3
silverstripe/framework	eq	4.0.3

Rows per page:

1-10 of 191

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-020-1.yaml

github.com/silverstripe/silverstripe-framework

github.com/silverstripe/silverstripe-framework/commit/48bd335648188df9dae72be1e5f9c808f3fe1e77

github.com/silverstripe/silverstripe-framework/commit/fecedc2d98eeaaff6424fb59dc70ef6bdc6dc92d

www.silverstripe.org/download/security-releases/ss-2018-020

8.1 High

AI Score

Confidence

Low

JSON