CVE-2019-15562

Name of the Vulnerable Software and Affected Versions GORM versions prior to 1.9.10

Description The issue allows SQL injection via incomplete parentheses. It is noted that misusing GORM by passing untrusted user input where GORM expects trusted SQL fragments is a vulnerability in the application, not in GORM.

Recommendations For versions prior to 1.9.10, update to version 1.9.10 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user input to prevent SQL injection attacks. Restrict access to sensitive data and ensure that only trusted SQL fragments are passed to GORM.