Soko SQL Injection vulnerability
CVE-2023-28424

9.8CRITICAL

Key Information:

Vendor

Gentoo

Status
Soko
Vendor
CVE Published:
20 March 2023

What is CVE-2023-28424?

The Soko package search handlers, 'Search' and 'SearchFeed', prior to version 1.0.2, are subject to SQL injection vulnerabilities via the 'q' parameter. This flaw allows unauthenticated attackers to execute arbitrary SQL queries against Gentoo's package repository located at https://packages.gentoo.org/. The exploitation of this vulnerability could lead to code execution within the context of the PostgreSQL container. The issue was effectively resolved in version 1.0.2, where prepared statements were utilized to safely handle user-controlled data, mitigating the risk associated with direct SQL query interpolation.

Affected Version(s)

soko < 1.0.2

References

https://github.com/gentoo/soko/security/advisories/GHSA-g...
x_refsource_CONFIRM
https://gitweb.gentoo.org/sites/soko.git/commit/?id=4fa6e...
x_refsource_MISC
https://www.sonarsource.com/blog/why-orms-and-prepared-st...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.