2 matches found
CVE-2023-28424
Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...
PT-2023-21711 · Soko · Soko
Name of the Vulnerable Software and Affected Versions: Soko versions prior to 1.0.2 Description: The issue affects the package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, allowing unauthenticated attackers to execute arbitrary SQL queries on...