Vulnerability Report: GO-2023-1295
- CVE-2020-36645, GHSA-3hc7-2xcc-7p8f
- Affects: github.com/square/squalor
- Published: Feb 01, 2023
- Modified: May 20, 2024
There is a potential for SQL injection in the table name parameter.
Affected Packages
-
PathVersionsSymbols
-
before v0.0.0-20200306154055-f6f0a47cc344
85 affected symbols
- AliasedTableExpr.Serialize
- AndExpr.Serialize
- BinaryExpr.Serialize
- ColName.Serialize
- Columns.Serialize
- ComparisonExpr.Serialize
- DB.BindModel
- DB.Delete
- DB.DeleteContext
- DB.Exec
- DB.ExecContext
- DB.Get
- DB.GetContext
- DB.Insert
- DB.InsertContext
- DB.InsertIgnore
- DB.InsertIgnoreContext
- DB.MustBindModel
- DB.Query
- DB.QueryContext
- DB.QueryRow
- DB.QueryRowContext
- DB.Replace
- DB.ReplaceContext
- DB.Select
- DB.SelectContext
- DB.Update
- DB.UpdateContext
- DB.Upsert
- DB.UpsertContext
- Delete.Serialize
- FuncExpr.Serialize
- GroupBy.Serialize
- Insert.Serialize
- JoinTableExpr.Serialize
- Limit.Serialize
- LoadTable
- NonStarExpr.Serialize
- NotExpr.Serialize
- NullCheck.Serialize
- OnDup.Serialize
- OnJoinCond.Serialize
- OrExpr.Serialize
- Order.Serialize
- OrderBy.Serialize
- ParenBoolExpr.Serialize
- RangeCond.Serialize
- Select.Serialize
- SelectExprs.Serialize
- Serialize
- StandardLogger.Log
- StarExpr.Serialize
- TableExprs.Serialize
- TableName.Serialize
- TableNames.Serialize
- Tx.Delete
- Tx.DeleteContext
- Tx.Exec
- Tx.ExecContext
- Tx.Get
- Tx.GetContext
- Tx.Insert
- Tx.InsertContext
- Tx.InsertIgnore
- Tx.InsertIgnoreContext
- Tx.Query
- Tx.QueryContext
- Tx.QueryRow
- Tx.QueryRowContext
- Tx.Replace
- Tx.ReplaceContext
- Tx.Select
- Tx.SelectContext
- Tx.Update
- Tx.UpdateContext
- Tx.Upsert
- Tx.UpsertContext
- Update.Serialize
- UpdateExpr.Serialize
- UpdateExprs.Serialize
- UsingJoinCond.Serialize
- ValExprs.Serialize
- ValTuple.Serialize
- Values.Serialize
- Where.Serialize
Aliases
References
- https://github.com/square/squalor/pull/76
- https://github.com/square/squalor/pull/76/commits/033350b8596b397c6cefa066b1f2c83d35fc8c4a
- https://vuln.go.dev/ID/GO-2023-1295.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.