CVE-2023-30625

Description

rudder-server is vulnerable to SQL injection in github.com/rudderlabs/rudder-server

How to fix CVE-2023-30625

To remediate CVE-2023-30625, upgrade the affected package to a fixed version below.

• Go/github.com/rudderlabs/rudder-server—upgrade to 1.3.0-rc.1 or later
• Go/github.com/rudderlabs/rudder-server—upgrade to 1.3.0-rc.1 or later

Is CVE-2023-30625 being exploited?

Likely — EPSS is 89.6%, placing CVE-2023-30625 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (2)

• from 0, < 1.3.0-rc.1
• from 0, < 1.3.0-rc.1

CVSS scores

References (12)

• ADVISORYgithub.com/advisories/GHSA-3jmm-f6jj-rcc3
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-30625
• ADVISORYsecuritylab.github.com/advisories/GHSL-2022-097_rudder-server
• PATCHgithub.com/rudderlabs/rudder-server