CVE-2024-55586: Nette Database SQL injection

December 10, 2024

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.

References

github.com/CSIRTTrizna/CVE-2024-55586
github.com/advisories/GHSA-f626-677r-j5vq
github.com/nette/database
github.com/nette/database/releases
nvd.nist.gov/vuln/detail/CVE-2024-55586
www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html

Detect and mitigate CVE-2024-55586 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →