Lucene search
GoogleOSV:GHSA-PMCR-2RHP-36HRHistoryJan 27, 2022 - 4:23 p.m.
SQL injection in github.com/navidrome/navidrome
2022-01-2716:23:02
Google
osv.dev
6
0.001 Low
EPSS
Percentile
27.2%
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users’ encrypted passwords).
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/navidrome/navidrome | lt | 0.47.5 |
Related
cve
cve
CVE-2022-23857
2022-01-24 02:15:06
cvelist
cvelist
CVE-2022-23857
2022-01-24 01:56:34
alpinelinux
alpinelinux
CVE-2022-23857
2022-01-24 02:15:06
cnvd
cnvd
Navidrome SQL Injection Vulnerability
2022-01-26 00:00:00
prion
prion
Sql injection
2022-01-24 02:15:00
github
github
SQL injection in github.com/navidrome/navidrome
2022-01-27 16:23:02
osv
osv
CVE-2022-23857
2022-01-24 02:15:06
veracode
veracode
SQL Injection
2022-01-25 05:08:04
nvd
nvd
CVE-2022-23857
2022-01-24 02:15:06