THREAT OPS › Threat News › [GHSA] GHSA-7xw9-549r-8jrc (high) — DIRAC: SQL injection and lack of access control in PilotManager service
[GHSA] GHSA-7xw9-549r-8jrc (high) — DIRAC: SQL injection and lack of access control in PilotManager service
GHSA-7xw9-549r-8jrc Severity: high CVE: None
DIRAC: SQL injection and lack of access control in PilotManager service
### Details A number of the functions in PilotManager pass parameters directly through to the database layer, which then does not do any escaping on the parameters. For example setPilotStatus: https://github.com/DIRACGrid/DIRAC/blob/1738e7c6d2f31d26f1364255d9d2e87b4896c922/src/DIR
Indicators of compromise
- 1738e7c6d2f31d26f1364255d9d2e87b4896c922sha1
- https://pypi.org/project/DIRAC/8.0.79/url
- https://pypi.org/project/DIRAC/9.0.22/url
- https://pypi.org/project/DIRAC/9.1.10/url
Original source: https://github.com/advisories/GHSA-7xw9-549r-8jrc