CVE-2019-15562

Published August 26th, 2019

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECTS

Description

GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm

jinzhu/gorm

GORM V1, V2 moved to https://github.com/go-gorm/gorm

GitHub

661

go-gorm/gorm

The fantastic ORM library for Golang, aims to be developer friendly

GitHub

39.8K