CVE-2019-10766: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

November 20, 2019 (updated August 18, 2021)

Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.

References

github.com/advisories/GHSA-68wg-qv6r-j4vp
github.com/usmanhalalit/pixie/commit/9bd991021abbcbfb19347a07dca8b7e518b8abc9
nvd.nist.gov/vuln/detail/CVE-2019-10766
snyk.io/vuln/SNYK-PHP-USMANHALALITPIXIE-534879

Code Behaviors & Features

Detect and mitigate CVE-2019-10766 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →