Uploaded image for project: 'RAML Module Builder'
  1. RAML Module Builder
  2. RMB-200

Single quote SQL Injection in PostgresClient.update(table, updateSection, ...)

    XMLWordPrintable

    Details

    • Template:
    • Sprint:
      CP: sprint 70
    • Story Points:
      1
    • Development Team:
      Core: Platform

      Description

      Invoke PostgresClient.delete(table, updateSection, when, returnCount, handler) with a updateSection that has a value that contains a single quote. Example in updateSectionSingleQuote() unit test:
      https://github.com/folio-org/raml-module-builder/blob/8f1e06d9020597208e741fe8aa618f8e051c04dd/domain-models-runtime/src/test/java/org/folio/rest/persist/PostgresClientIT.java#L373-L380

      It fails with "unterminated quoted identifier", reported by PostgreSQL's SQL scanner.

      CVE-2019-15534 has been assigned to this vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15534

      Fix: https://github.com/folio-org/raml-module-builder/pull/501

      Affected versions: All below 27.0.0 (the "Affects version/s" list above is incomplete).

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                julianladisch Julian Ladisch
                Reporter:
                julianladisch Julian Ladisch
                Tester Assignee:
                Adam Dickmeiss Adam Dickmeiss
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases