CVE-2020-36645

A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The patch is named f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623.

CVSS v3 9.8 CRITICAL
CVSS v2.0 5.2 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 5.1 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/square/squalor/commit/f6f0a47cc344711042eb0970cb423e6950ba3f93	Patch
https://github.com/square/squalor/pull/76	Patch
https://github.com/square/squalor/releases/tag/v0.0.0	Release Notes
https://vuldb.com/?ctiid.217623	Third Party Advisory
https://vuldb.com/?id.217623	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:square:squalor:-:*:*:*:*:go:*:*

History

No history.

Information

Published : 2023-01-07 19:15

Updated : 2024-05-17 01:48

NVD link : CVE-2020-36645

Mitre link : CVE-2020-36645

CVE.ORG link : CVE-2020-36645

JSON object : View

Products Affected

square

squalor

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2020-36645", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 5.2, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.1}]}, "published": "2023-01-07T19:15:09.383", "references": [{"url": "https://github.com/square/squalor/commit/f6f0a47cc344711042eb0970cb423e6950ba3f93", "tags": ["Patch"], "source": "cna@vuldb.com"}, {"url": "https://github.com/square/squalor/pull/76", "tags": ["Patch"], "source": "cna@vuldb.com"}, {"url": "https://github.com/square/squalor/releases/tag/v0.0.0", "tags": ["Release Notes"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.217623", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.217623", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The patch is named f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en la librer\u00eda square/squalor. Esto afecta a una parte desconocida. La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. La actualizaci\u00f3n a la versi\u00f3n v0.0.0 puede solucionar este problema. El parche se llama f6f0a47cc344711042eb0970cb423e6950ba3f93. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-217623."}], "lastModified": "2024-05-17T01:48:54.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:square:squalor:-:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "CB0806B0-7DBC-4EB8-BDE2-089712486879"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}