Lucene search

K

GoogleOSV:GHSA-HG4C-RGVM-964G

HistoryAug 15, 2018 - 8:02 p.m.

SQL Injection in pycsw

2018-08-1520:02:53

Google

osv.dev

8

0.002 Low

EPSS

Percentile

56.8%

A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.

CPENameOperatorVersion
pycsweq1.4.0
pycsweq1.8.1
pycsweq1.10.2
pycsweq1.6.1
pycsweq1.8.3
pycsweq1.4.1
pycsweq1.8.5
pycsweq2.0.0
pycsweq1.8.0
pycsweq1.8.4

Rows per page:

1-10 of 211

References

seclists.org/oss-sec/2016/q4/406

www.securityfocus.com/bid/94302

github.com/advisories/GHSA-hg4c-rgvm-964g

github.com/geopython/pycsw

github.com/geopython/pycsw/commit/522873e5ce48bb9cbd4e7e8168ca881ce709c222

github.com/geopython/pycsw/commit/69546e13527c82e4f9191769215490381ad511b2

github.com/geopython/pycsw/commit/daaf09b4b920708a415be3c7f446739661ba3753

github.com/geopython/pycsw/pull/474/files

nvd.nist.gov/vuln/detail/CVE-2016-8640

patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch

0.002 Low

EPSS

Percentile

56.8%

Related for OSV:GHSA-HG4C-RGVM-964G

ubuntucve1 debiancve1 osv2 cvelist1 prion1 nvd1 cve1 github1