Go · Gorm · CVE-2019-15562
**Name of the Vulnerable Software and Affected Versions**
GORM versions prior to 1.9.10
**Description**
GORM before 1.9.10 allows SQL injection via incomplete parentheses. Note that misusing GORM by passing untrusted user input where GORM expects trusted SQL fragments is a vulnerability in the application, not in GORM.
**Recommendations**
For versions prior to 1.9.10, update to version 1.9.10 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user input to prevent SQL injection attacks. Restrict access to sensitive data and ensure that only trusted SQL fragments are passed to GORM.
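
An application-side guard for the workaround above, added here as an example and not taken from GORM or from this advisory. The field names, `BuildFilter` and `ParsePrimaryKey` are hypothetical; the GORM calls `db.Where(clause, args...)` and `db.First(&user, id)` appear only in comments to show where the results would go.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// filterFragments is the only source of SQL text: fixed, developer-written
// fragments keyed by the field names the API accepts (hypothetical schema).
var filterFragments = map[string]string{
	"name":  "name = ?",
	"email": "email = ?",
}

var ErrUntrustedFragment = errors.New("field is not in the fragment allowlist")

// BuildFilter returns a trusted fragment and passes the untrusted value on as
// a bind argument, ready for a call such as db.Where(clause, args...).
func BuildFilter(field, value string) (string, []interface{}, error) {
	clause, ok := filterFragments[field]
	if !ok {
		return "", nil, fmt.Errorf("%w: %q", ErrUntrustedFragment, field)
	}
	return clause, []interface{}{value}, nil
}

// ParsePrimaryKey converts a request parameter to an integer before it is used
// in a lookup such as db.First(&user, id), so request text never arrives where
// a condition string would be accepted.
func ParsePrimaryKey(raw string) (uint64, error) {
	id, err := strconv.ParseUint(raw, 10, 64)
	if err != nil || id == 0 {
		return 0, fmt.Errorf("invalid primary key %q", raw)
	}
	return id, nil
}

func main() {
	// Constructed sample inputs, as they might arrive from a query string.
	for _, raw := range []string{"42", "1 OR 1=1"} {
		id, err := ParsePrimaryKey(raw)
		fmt.Println(id, err)
	}
	clause, args, err := BuildFilter("name", "x' OR '1'='1")
	fmt.Println(clause, args, err)
}
```

The value stays data in both paths: a rejected key never reaches the ORM, and an accepted filter value travels only as a bind argument.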