CVE-2024-55586: Withdrawn Advisory: Nette Database SQL injection

December 10, 2024 (updated December 19, 2024)

Withdrawn Advisory

This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references.

Original Description

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.

References

github.com/CSIRTTrizna/CVE-2024-55586
github.com/advisories/GHSA-f626-677r-j5vq
github.com/github/advisory-database/pull/5079
github.com/nette/database
github.com/nette/database/releases
nvd.nist.gov/vuln/detail/CVE-2024-55586
www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html

Code Behaviors & Features

Detect and mitigate CVE-2024-55586 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →