{"id":"GHSA-76j4-gggq-7rg9","summary":"SQLinjection in falcon-plus","details":"Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.","aliases":["CVE-2022-26245"],"modified":"2023-11-08T04:08:53.554055Z","published":"2022-03-28T00:00:20Z","database_specific":{"severity":"CRITICAL","nvd_published_at":"2022-03-27T14:15:00Z","github_reviewed_at":"2022-04-07T15:28:23Z","github_reviewed":true,"cwe_ids":["CWE-89"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26245"},{"type":"WEB","url":"https://github.com/open-falcon/falcon-plus/issues/951"},{"type":"PACKAGE","url":"github.com/open-falcon/falcon-plus"}],"affected":[{"package":{"name":"github.com/open-falcon/falcon-plus","ecosystem":"Go","purl":"pkg:golang/github.com/open-falcon/falcon-plus"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"last_affected":"0.3.0"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-76j4-gggq-7rg9/GHSA-76j4-gggq-7rg9.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}