CVE-2018-1002161: SQL injection in multiple remote calls

February 21, 2019

SQL injection vulnerabilities have been found in multiple call handlers in Koji’s hub code. An anonymous attacker can use these vulnerabilities to issue arbitrary database commands.

References

docs.pagure.org/koji/CVE-2018-1002161/
pagure.io/koji/issue/1183

Code Behaviors & Features

Detect and mitigate CVE-2018-1002161 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →