{"id":"GO-2023-1295","summary":"SQL injection in github.com/square/squalor","details":"There is a potential for SQL injection in the table name parameter.","aliases":["CVE-2020-36645","GHSA-3hc7-2xcc-7p8f"],"modified":"2024-05-20T16:03:47Z","published":"2023-02-01T23:19:27Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2023-1295","review_status":"REVIEWED"},"references":[{"type":"REPORT","url":"https://github.com/square/squalor/pull/76"},{"type":"FIX","url":"https://github.com/square/squalor/pull/76/commits/033350b8596b397c6cefa066b1f2c83d35fc8c4a"}],"affected":[{"package":{"name":"github.com/square/squalor","ecosystem":"Go","purl":"pkg:golang/github.com/square/squalor"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20200306154055-f6f0a47cc344"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/square/squalor","symbols":["AliasedTableExpr.Serialize","AndExpr.Serialize","BinaryExpr.Serialize","ColName.Serialize","Columns.Serialize","ComparisonExpr.Serialize","DB.BindModel","DB.Delete","DB.DeleteContext","DB.Exec","DB.ExecContext","DB.Get","DB.GetContext","DB.Insert","DB.InsertContext","DB.InsertIgnore","DB.InsertIgnoreContext","DB.MustBindModel","DB.Query","DB.QueryContext","DB.QueryRow","DB.QueryRowContext","DB.Replace","DB.ReplaceContext","DB.Select","DB.SelectContext","DB.Update","DB.UpdateContext","DB.Upsert","DB.UpsertContext","Delete.Serialize","FuncExpr.Serialize","GroupBy.Serialize","Insert.Serialize","JoinTableExpr.Serialize","Limit.Serialize","LoadTable","NonStarExpr.Serialize","NotExpr.Serialize","NullCheck.Serialize","OnDup.Serialize","OnJoinCond.Serialize","OrExpr.Serialize","Order.Serialize","OrderBy.Serialize","ParenBoolExpr.Serialize","RangeCond.Serialize","Select.Serialize","SelectExprs.Serialize","Serialize","StandardLogger.Log","StarExpr.Serialize","Table.loadColumns","Table.loadKeys","TableExprs.Serialize","TableName.Serialize","TableNames.Serialize","Tx.Delete","Tx.DeleteContext","Tx.Exec","Tx.ExecContext","Tx.Get","Tx.GetContext","Tx.Insert","Tx.InsertContext","Tx.InsertIgnore","Tx.InsertIgnoreContext","Tx.Query","Tx.QueryContext","Tx.QueryRow","Tx.QueryRowContext","Tx.Replace","Tx.ReplaceContext","Tx.Select","Tx.SelectContext","Tx.Update","Tx.UpdateContext","Tx.Upsert","Tx.UpsertContext","Update.Serialize","UpdateExpr.Serialize","UpdateExprs.Serialize","UsingJoinCond.Serialize","ValExprs.Serialize","ValTuple.Serialize","Values.Serialize","Where.Serialize","quoteName"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1295.json"}}],"schema_version":"1.7.3"}