{"schema_version":"1.3.1","id":"GO-2020-0021","modified":"2024-05-20T16:03:47Z","published":"2021-04-14T20:04:52Z","aliases":["CVE-2014-8681","GHSA-mr6h-chqp-p9g2"],"summary":"SQL Injection in github.com/gogits/gogs","details":"Due to improper sanitization of user input, a number of methods are vulnerable to SQL injection if used with user input that has not been sanitized by the caller.","affected":[{"package":{"name":"github.com/gogits/gogs","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.5.8"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/gogits/gogs","symbols":["GetIssues","SearchRepositoryByName","SearchUserByName"]}]}}],"references":[{"type":"FIX","url":"https://github.com/gogs/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8"},{"type":"WEB","url":"https://seclists.org/fulldisclosure/2014/Nov/31"}],"credits":[{"name":"Pascal Turbing"},{"name":"Jiahua (Joe) Chen"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2020-0021","review_status":"REVIEWED"}}