Vulnerability Report: GO-2023-2162
- CVE-2023-41891, GHSA-r847-6w6h-r8g4
- Affects: github.com/flyteorg/flyteadmin
- Published: Nov 02, 2023
- Modified: May 20, 2024
A malicious user can send a REST request to a List endpoint with filters that contain custom SQL statements. This can result in SQL injection.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.1.124
Aliases
References
- https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd
- https://vuln.go.dev/ID/GO-2023-2162.json
Credits
- @Sanjana-Sarda
Feedback
See anything missing or incorrect?
Suggest an edit to this report.