PT-2023-12402 · Hesburgh Libraries Of Notre Dame · Sipity
Published: 2023-01-02 · Updated: 2024-05-17 · CVE-2021-4298
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Hesburgh Libraries of Notre Dame Sipity versions prior to 2021.8
Description
A critical issue has been found, affecting the SearchCriteriaForWorksParameter function in the file app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. This issue leads to SQL injection.
Recommendations
For versions prior to 2021.8, upgrade to version 2021.8 to address this issue. As a temporary workaround, consider restricting access to the SearchCriteriaForWorksParameter function until the upgrade is applied.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Sipity