CVE-2016-3072: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
(updated )
An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database.
References
- access.redhat.com/errata/RHSA-2016:1083
- access.redhat.com/security/cve/CVE-2016-3072
- bugzilla.redhat.com/show_bug.cgi?id=1322050
- github.com/Katello/katello/commit/5645ed4365980a34e30a9c57fe0793dff729e8e4
- github.com/Katello/katello/pull/6051
- github.com/advisories/GHSA-527r-mfmj-prqf
- nvd.nist.gov/vuln/detail/CVE-2016-3072
Code Behaviors & Features
Detect and mitigate CVE-2016-3072 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →