PYSEC-2018-98.yaml
id: PYSEC-2018-98
details: A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5
  and 1.8.6 that leads to read and extract of any data from any table in the pycsw
  database that the database user has access to. Also on PostgreSQL (at least) it
  is possible to perform updates/inserts/deletes and database modifications to any
  table the database user has access to.
affected:
- package:
    name: pycsw
    ecosystem: PyPI
    purl: pkg:pypi/pycsw
  ranges:
  - type: ECOSYSTEM
    events:
    - introduced: '0'
    - fixed: 1.8.6
    - introduced: 1.10.0
    - fixed: 1.10.5
    - introduced: 2.0.0
    - fixed: 2.0.2
  versions:
  - 1.10.0
  - 1.10.1
  - 1.10.2
  - 1.10.3
  - 1.10.4
  - 1.4.0
  - 1.4.1
  - 1.4.2
  - 1.6.0
  - 1.6.1
  - 1.6.2
  - 1.6.3
  - 1.6.4
  - 1.8.0
  - 1.8.1
  - 1.8.2
  - 1.8.3
  - 1.8.4
  - 1.8.5
  - 2.0.0
  - 2.0.1
references:
- type: WEB
  url: https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch
- type: WEB
  url: https://github.com/geopython/pycsw/pull/474/files
- type: WEB
  url: http://seclists.org/oss-sec/2016/q4/406
- type: WEB
  url: http://www.securityfocus.com/bid/94302
- type: ADVISORY
  url: https://github.com/advisories/GHSA-hg4c-rgvm-964g
aliases:
- CVE-2016-8640
- GHSA-hg4c-rgvm-964g
modified: '2021-08-27T03:22:16.790168Z'
published: '2018-08-01T18:29:00Z'