{"id":"GO-2020-0021","summary":"SQL Injection in github.com/gogits/gogs","details":"Due to improper sanitization of user input, a number of methods are vulnerable to SQL injection if used with user input that has not been sanitized by the caller.","aliases":["CVE-2014-8681","GHSA-mr6h-chqp-p9g2"],"modified":"2024-05-20T16:03:47Z","published":"2021-04-14T20:04:52Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2020-0021"},"references":[{"type":"FIX","url":"https://github.com/gogs/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8"},{"type":"WEB","url":"https://seclists.org/fulldisclosure/2014/Nov/31"}],"affected":[{"package":{"name":"github.com/gogits/gogs","ecosystem":"Go","purl":"pkg:golang/github.com/gogits/gogs"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.5.8"}]}],"ecosystem_specific":{"imports":[{"symbols":["GetIssues","SearchRepositoryByName","SearchUserByName"],"path":"github.com/gogits/gogs"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2020-0021.json"}}],"schema_version":"1.7.3","credits":[{"name":"Pascal Turbing"},{"name":"Jiahua (Joe) Chen"}]}