Impact
The GraphiQL resolver PackageSearch, implemented in pkg/api/graphql/resolvers/resolver.go, is affected by a SQL injection via the searchTerm parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on https://packages.gentoo.org/. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container.
Patches
- The issue was addressed in 428b119 using prepared statements to interpolate user-controlled data in SQL queries.
References
Impact
The GraphiQL resolver
PackageSearch, implemented inpkg/api/graphql/resolvers/resolver.go, is affected by a SQL injection via thesearchTermparameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on https://packages.gentoo.org/. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container.Patches
References