{"id":"CVE-2024-55586","details":"Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior.","modified":"2026-04-10T05:19:20.452877Z","published":"2024-12-10T14:30:47.813Z","references":[{"type":"WEB","url":"https://www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html"},{"type":"PACKAGE","url":"https://github.com/CSIRTTrizna/CVE-2024-55586"},{"type":"PACKAGE","url":"https://github.com/nette/database/releases"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nette/database","events":[{"introduced":"0"},{"last_affected":"8e9a427d98ec0929102ee037016bb47eb7e8b75c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.2.4"}]}}],"versions":["v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.4.1","v2.4.2","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.1.0","v3.1.1","v3.1.2","v3.1.3","v3.1.4","v3.1.5","v3.1.6","v3.1.7","v3.1.9","v3.2.0","v3.2.1","v3.2.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55586.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}