CVE-2022-0332: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

January 25, 2022 (updated February 1, 2022)

An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

References

bugzilla.redhat.com/show_bug.cgi?id=2043661
moodle.org/mod/forum/discuss.php?d=431099
nvd.nist.gov/vuln/detail/CVE-2022-0332

Code Behaviors & Features

Detect and mitigate CVE-2022-0332 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →