GSD-2022-29498
Vulnerability from gsd - Updated: 2022-04-20 00:00
Details
For some queries, specific variable values can change the query itself
rather than only the value of the variable. This can occur if:
1. the query's data source uses different escaping than the Rails database OR
2. the query has a variable inside a string literal
Since Blazer is designed to run arbitrary queries, the impact will typically be low.
Users cannot run any queries they could not have already run. However, an attacker
could get a user to run a query they would not have normally run. If the data source
has write permissions, this could include modifying data in some cases.
Aliases
{
"GSD": {
"alias": "CVE-2022-29498",
"description": "Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.",
"id": "GSD-2022-29498"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "blazer",
"purl": "pkg:gem/blazer"
}
}
],
"aliases": [
"CVE-2022-29498",
"GHSA-qf9q-q4hh-qph3"
],
"details": "For some queries, specific variable values can modify the query\nrather than just the variable. This can occur if:\n\n1. the query\u0027s data source uses different escaping than the Rails database OR\n2. the query has a variable inside a string literal\n\nSince Blazer is designed to run arbitrary queries, the impact will typically be low.\nUsers cannot run any queries they could not have already run. However, an attacker\ncould get a user to run a query they would not have normally run. If the data source\nhas write permissions, this could include modifying data in some cases.\n",
"id": "GSD-2022-29498",
"modified": "2022-04-20T00:00:00.000Z",
"published": "2022-04-20T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ankane/blazer/issues/392"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V3"
}
],
"summary": "SQL injection for certain queries with variables"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ankane/blazer/issues/392",
"refsource": "MISC",
"url": "https://github.com/ankane/blazer/issues/392"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2022-29498",
"cvss_v3": 7.5,
"date": "2022-04-20",
"description": "For some queries, specific variable values can modify the query\nrather than just the variable. This can occur if:\n\n1. the query\u0027s data source uses different escaping than the Rails database OR\n2. the query has a variable inside a string literal\n\nSince Blazer is designed to run arbitrary queries, the impact will typically be low.\nUsers cannot run any queries they could not have already run. However, an attacker\ncould get a user to run a query they would not have normally run. If the data source\nhas write permissions, this could include modifying data in some cases.\n",
"gem": "blazer",
"ghsa": "qf9q-q4hh-qph3",
"patched_versions": [
"\u003e= 2.6.0"
],
"title": "SQL injection for certain queries with variables",
"url": "https://github.com/ankane/blazer/issues/392"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.6.0",
"affected_versions": "All versions before 2.6.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-89",
"CWE-937"
],
"date": "2022-04-29",
"description": "Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.",
"fixed_versions": [
"2.6.0"
],
"identifier": "CVE-2022-29498",
"identifiers": [
"GHSA-qf9q-q4hh-qph3",
"CVE-2022-29498"
],
"not_impacted": "All versions starting from 2.6.0",
"package_slug": "gem/blazer",
"pubdate": "2022-04-22",
"solution": "Upgrade to version 2.6.0 or above.",
"title": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-29498",
"https://github.com/ankane/blazer/issues/392",
"https://github.com/advisories/GHSA-qf9q-q4hh-qph3"
],
"uuid": "d59f8f26-fda4-41be-9a99-7edf1c5f88fc"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:blazer_project:blazer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29498"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ankane/blazer/issues/392",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/ankane/blazer/issues/392"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-28T16:24Z",
"publishedDate": "2022-04-21T05:15Z"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.