{"id":"CVE-2019-15562","details":"GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm","modified":"2026-03-14T09:34:06.640899Z","published":"2019-08-26T13:15:11.663Z","references":[{"type":"ADVISORY","url":"https://github.com/go-gorm/gorm/issues/2517#issuecomment-638145427"},{"type":"ADVISORY","url":"https://github.com/go-gorm/gorm/pull/2519"},{"type":"ADVISORY","url":"https://github.com/go-gorm/gorm/pull/2674"},{"type":"ADVISORY","url":"https://github.com/jinzhu/gorm/releases/tag/v1.9.10"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jinzhu/gorm","events":[{"introduced":"0"},{"fixed":"836fb2c19d84dac7b0272958dfb9af7cf0d0ade4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.9.10"}]}}],"versions":["v1.0","v1.9","v1.9.1","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15562.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}