CVE-2023-22494

CVSS V2 None CVSS V3 None
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-20018. Reason: This candidate is a reservation duplicate of CVE-2016-20018. Notes: All CVE users should reference CVE-2016-20018 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Overview
  • CVE ID
  • CVE-2023-22494
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Rejected
  • Published Version
  • 2023-01-13T16:15:09
  • Last Modified Date
  • 2023-01-13T21:15:16
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
References
Reference URL Reference Tags
https://github.com/curveball/a12n-server/commit/f4acd7549043e6e2b8917b77a50dce0756a922cc
https://github.com/curveball/a12n-server/releases/tag/v0.23.0
https://github.com/curveball/a12n-server/security/advisories/GHSA-crhg-xgrg-vvcc
https://github.com/knex/knex/issues/1227
https://www.ghostccamm.com/blog/knex_sqli/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-22494
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22494
History
Created Old Value New Value Data Type Notes
2023-01-13 16:17:48 Added to TrackCVE
2023-01-13 16:17:49 Weakness Enumeration new
2023-01-13 19:14:46 2023-01-13T18:23:08 CVE Modified Date updated
2023-01-13 19:14:46 Received Awaiting Analysis Vulnerability Status updated
2023-01-13 21:17:40 2023-01-13T21:15:16 CVE Modified Date updated
2023-01-13 21:17:40 Awaiting Analysis Rejected Vulnerability Status updated
2023-01-13 21:17:43 a12nserver is an open source lightweight OAuth2 server. Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients. The knex dependency has been updated to 2.4.0 in a12nserver 0.23.0. There are no known workarounds. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-20018. Reason: This candidate is a reservation duplicate of CVE-2016-20018. Notes: All CVE users should reference CVE-2016-20018 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Description updated