CVE-2019-15562
N/A
N/A
Summary
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/jinzhu/gorm/releases/tag/v1.9.10
- https://github.com/go-gorm/gorm/pull/2519
- https://github.com/go-gorm/gorm/pull/2674
- https://github.com/go-gorm/gorm/issues/2517#issuecomment-638145427
References
- https://github.com/jinzhu/gorm/releases/tag/v1.9.10
- https://github.com/go-gorm/gorm/pull/2519
- https://github.com/go-gorm/gorm/pull/2674
- https://github.com/go-gorm/gorm/issues/2517#issuecomment-638145427
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.