Open mend-for-github-com[bot] opened 2 years ago
The fantastic ORM library for Golang, aims to be developer friendly
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Found in HEAD commit: 65bcd58cd4b5f086be7b413b47676b24145763de
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **github.com/jinzhu/gorm-v1.9** (Vulnerable Library)
Found in base branch: main
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm
Publish Date: 2019-08-26
URL: CVE-2019-15562
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15562
Release Date: 2019-08-26
Fix Resolution: v1.9.10
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules
The fantastic ORM library for Golang, aims to be developer friendly
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Found in HEAD commit: 65bcd58cd4b5f086be7b413b47676b24145763de
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2019-15562
### Vulnerable Library - github.com/jinzhu/gorm-v1.9The fantastic ORM library for Golang, aims to be developer friendly
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy: - :x: **github.com/jinzhu/gorm-v1.9** (Vulnerable Library)
Found in HEAD commit: 65bcd58cd4b5f086be7b413b47676b24145763de
Found in base branch: main
### Vulnerability DetailsGORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm
Publish Date: 2019-08-26
URL: CVE-2019-15562
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15562
Release Date: 2019-08-26
Fix Resolution: v1.9.10
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules