CVE-2021-43822

{"id": "CVE-2021-43822", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2021-12-13T20:15:07.757", "references": [{"url": "https://github.com/jackalope/jackalope-doctrine-dbal/commit/9d179a36d320330ddb303ea3a7c98d3a33d231db", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jackalope/jackalope-doctrine-dbal/security/advisories/GHSA-ph98-v78f-jqrm", "tags": ["Mitigation", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jackalope/jackalope-doctrine-dbal/commit/9d179a36d320330ddb303ea3a7c98d3a33d231db", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jackalope/jackalope-doctrine-dbal/security/advisories/GHSA-ph98-v78f-jqrm", "tags": ["Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible, you can escape all places where `$property` is used to filter `sv:name` in the class `Jackalope\\Transport\\DoctrineDBAL\\Query\\QOMWalker`: `XPath::escape($property)`. Node names and xpaths can contain `\"` or `;` according to the JCR specification. The jackalope component that translates the query object model into doctrine dbal queries does not properly escape the names and paths, so that a accordingly crafted node name can lead to an SQL injection. If queries are never done from user input, or if you validate the user input to not contain `;`, you are not affected."}, {"lang": "es", "value": "Jackalope Doctrine-DBAL es una implementaci\u00f3n de la API de Repositorio de Contenido PHP (PHPCR) que usa una base de datos relacional para persistir los datos. En las versiones afectadas los usuarios pueden provocar inyecciones SQL si pueden especificar un nombre de nodo o una consulta. Actualice a versi\u00f3n 1.7.4 para resolver este problema. Si no es posible, puede escapar de todos los lugares donde es usado \"$property\" para filtrar \"sv:name\" en la clase \"Jackalope\\Transport\\DoctrineDBAL\\Query\\QOMWalker\": \"XPath::escape($property)\". Los nombres de nodo y los xpaths pueden contener \"\"\" o \";\" seg\u00fan la especificaci\u00f3n JCR. El componente jackalope que traduce el modelo de objetos de consulta en consultas dbal de la doctrina no escapa adecuadamente los nombres y rutas, por lo que un nombre de nodo convenientemente elaborado puede llevar a una inyecci\u00f3n SQL. Si las consultas nunca son realizadas a partir de la entrada del usuario, o si es comprobada la entrada del usuario para que no contenga \";\", no est\u00e1 afectado"}], "lastModified": "2024-11-21T06:29:52.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jackalope_doctrine-dbal_project:jackalope_doctrine-dbal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BDEE924-F711-42C6-91CC-DE195A153967", "versionEndExcluding": "1.7.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}