CVE-2023-7333: records-mover Injection vulnerability
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. Developers should upgrade the affected component.
References
- github.com/advisories/GHSA-p3jp-7gj7-h6pr
- github.com/bluelabsio/records-mover
- github.com/bluelabsio/records-mover/commit/3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa
- github.com/bluelabsio/records-mover/pull/254
- github.com/bluelabsio/records-mover/releases/tag/v1.6.0
- nvd.nist.gov/vuln/detail/CVE-2023-7333
- vuldb.com/?ctiid.339566
- vuldb.com/?id.339566
Code Behaviors & Features
Detect and mitigate CVE-2023-7333 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →