Lucene search

GoogleOSV:GO-2024-2990

HistoryJul 22, 2024 - 6:24 p.m.

1Panel has an SQL injection issue related to the orderBy clause in github.com/1Panel-dev/1Panel

2024-07-2218:24:24

Google

osv.dev

sql injection

orderby

github

1panel-dev

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

1Panel has an SQL injection issue related to the orderBy clause in github.com/1Panel-dev/1Panel.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/1Panel-dev/1Panel before v1.10.12-tls.

References

github.com/1Panel-dev/1Panel/commit/ff549a47937c1314e6ee08453a1d2128242440cd

github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6

nvd.nist.gov/vuln/detail/CVE-2024-39907

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

Related for OSV:GO-2024-2990