Lucene search
Veracode Vulnerability DatabaseVERACODE:33888HistoryJan 25, 2022 - 5:08 a.m.
SQL Injection
2022-01-2505:08:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.001 Low
EPSS
Percentile
27.2%
github.com/navidrome/navidrome is vulnerable to SQL injection. The vulnerability exists in OrderBy function of criteria.go due to not handling the conditional sql statements properly which allows a malicious attacker to inject and execute arbitrary SQL.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/navidrome/navidrome | eq | v0.47.0 | |
| github.com/navidrome/navidrome | eq | v0.47.0 |
Related
cve
cve
CVE-2022-23857
2022-01-24 02:15:06
cvelist
cvelist
CVE-2022-23857
2022-01-24 01:56:34
alpinelinux
alpinelinux
CVE-2022-23857
2022-01-24 02:15:06
osv
osv
SQL injection in github.com/navidrome/navidrome
2022-01-27 16:23:02
CVE-2022-23857
2022-01-24 02:15:06
cnvd
cnvd
Navidrome SQL Injection Vulnerability
2022-01-26 00:00:00
prion
prion
Sql injection
2022-01-24 02:15:00
github
github
SQL injection in github.com/navidrome/navidrome
2022-01-27 16:23:02
nvd
nvd
CVE-2022-23857
2022-01-24 02:15:06