Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yY2h2LTg3d2otcGp2Ms4AAh4U
OHDSI WebAPI vulnerable to SQL Injection
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yY2h2LTg3d2otcGp2Ms4AAh4U
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-2chv-87wj-pjv2, CVE-2019-15563
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-15563
- https://github.com/OHDSI/WebAPI/pull/1101
- https://github.com/OHDSI/WebAPI/milestone/28?closed=1
- https://github.com/OHDSI/WebAPI/releases/tag/v2.7.2
- https://github.com/OHDSI/WebAPI/commit/d7b12b2f5234e425e5bc76545e75de0d6eb3f8fd
- https://github.com/advisories/GHSA-2chv-87wj-pjv2
Blast Radius: 1.0
Affected Packages
maven:org.ohdsi:WebAPI
Affected Version Ranges: < 2.7.2Fixed in: 2.7.2