matrix-appservice-irc is vulnerable to sql injection. The vulnerability exists in getRoomVisibility
function in PgDataStore.ts
because the user provided inputs are not properly validated which allows an attacker to inject and execute arbitrary SQL commands.
CPE | Name | Operator | Version |
---|---|---|---|
matrix-appservice-irc | le | 0.35.0 | |
matrix-appservice-irc | le | 0.35.0 |
github.com/advisories/GHSA-ffwf-47x2-jpr8
github.com/matrix-org/matrix-appservice-irc/commit/179313a37f06b298150edba3e2b0e5a73c1415e7
github.com/matrix-org/matrix-appservice-irc/pull/1619
github.com/matrix-org/matrix-appservice-irc/releases/tag/0.35.1
github.com/matrix-org/matrix-appservice-irc/releases/tag/0.36.0
vuldb.com/?id.213550