CVE-2023-2681

Source
https://cve.org/CVERecord?id=CVE-2023-2681
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-2681.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-2681
Published
2023-10-03T13:15:09.937Z
Modified
2026-03-13T07:31:50.173593Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An SQL injection vulnerability has been found in Jorani version 1.0.0. It allows an authenticated remote user with low privileges to send queries containing malicious SQL code through the "id" parameter on the "/leaves/validate" path, and so to extract arbitrary information from the database.

References

Affected packages

Git / github.com/bbalet/jorani

Affected ranges

Type
GIT
Repo
https://github.com/bbalet/jorani
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        }
    ]
}

Affected versions

Other
Prototype1
v0.*
v0.1
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1_alpha
v0.1_beta
v0.2.0
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.5.0
v0.5.1
v0.6.0
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v1.*
v1.0.0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-2681.json"