THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-7xw9-549r-8jrc (high) — DIRAC: SQL injection and lack of access control in PilotManager service

[GHSA] GHSA-7xw9-549r-8jrc (high) — DIRAC: SQL injection and lack of access control in PilotManager service

highgithub_advisoriesPublished 2026-07-13

GHSA-7xw9-549r-8jrc Severity: high CVE: None

DIRAC: SQL injection and lack of access control in PilotManager service

### Details A number of the functions in PilotManager pass parameters directly through to the database layer, which then does not do any escaping on the parameters. For example setPilotStatus: https://github.com/DIRACGrid/DIRAC/blob/1738e7c6d2f31d26f1364255d9d2e87b4896c922/src/DIR

Indicators of compromise

Original source: https://github.com/advisories/GHSA-7xw9-549r-8jrc