Lucene search
GoogleOSV:GHSA-G622-R636-QFQHHistoryFeb 15, 2022 - 1:57 a.m.
SQL Injection in Couchbase Sync Gateway
2022-02-1501:57:18
Google
osv.dev
11
0.005 Low
EPSS
Percentile
76.4%
The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters ?startkey? and ?endkey? of the ?_all_docs? endpoint.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/couchbase/sync_gateway | lt | 2.5.0 |
References
docs.couchbase.com/sync-gateway/2.5/release-notes.html
github.com/couchbase/sync_gateway/commit/97adb5b496aa96aa70398018ea96da913ffd8d8c
nvd.nist.gov/vuln/detail/CVE-2019-9039
research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gateway-cve-2019-9039
www.couchbase.com/resources/security#SecurityAlerts
Related
cvelist
cvelist
CVE-2019-9039
2019-06-26 18:55:45
prion
prion
Design/Logic Flaw
2019-06-26 19:15:00
nvd
nvd
CVE-2019-9039
2019-06-26 19:15:11
github
github
SQL Injection in Couchbase Sync Gateway
2022-02-15 01:57:18
cve
cve
CVE-2019-9039
2019-06-26 19:15:11