GSA_kwCzR0hTQS01MjdyLW1mbWotcHJxZs4AATl1

High EPSS: 0.00855% (0.74017 Percentile) EPSS:

Permalink JSON

Katello SQL Injection vulnerabilities

Affected Packages	Affected Versions	Fixed Versions
rubygems:katello PURL: `pkg:gem/katello`	< 2.4.3	2.4.3
9 Dependent packages 10 Dependent repositories 398,867 Downloads total Affected Version Ranges All affected versions 1.5.0, 2.2.2, 2.4.0, 2.4.1, 2.4.2 All unaffected versions 2.4.3, 2.4.4, 2.4.5, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.4.2, 3.4.4, 3.4.5, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.7.0, 3.7.1, 3.8.0, 3.8.1, 3.9.0, 3.9.1, 3.10.0, 3.10.1, 3.10.2, 3.11.0, 3.11.1, 3.11.2, 3.12.0, 3.12.1, 3.12.2, 3.12.3, 3.13.0, 3.13.1, 3.13.2, 3.13.3, 3.13.4, 3.14.0, 3.14.1, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.16.0, 3.16.1, 3.16.2, 3.17.0, 3.17.1, 3.17.2, 3.17.3, 3.18.0, 3.18.1, 3.18.2, 3.18.3, 3.18.4, 3.18.5, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.9.0, 4.9.1, 4.9.2, 4.10.0, 4.11.0, 4.11.1, 4.12.0, 4.12.1, 4.13.0, 4.13.1, 4.14.0, 4.14.1, 4.14.2, 4.14.3, 4.15.0, 4.15.1, 4.16.0, 4.16.1, 4.16.2, 4.16.3, 4.17.0, 4.17.1

Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.

References:

Identifiers

GHSA-527r-mfmj-prqf

CVE-2016-3072

Risk

Severity

High

EPSS

EPSS Percentage: 0.00855

EPSS Percentile: 0.74017

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/Katello/katello

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories