data/reports: add GO-2023-1494.yaml

Aliases: CVE-2014-125064, GHSA-g7mw-9pf9-p2pm Fixes golang/vulndb#1494 Change-Id: Ib99a2e0d06d5163fe17db7e095514d827fda3caf Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/464303 Run-TryBot: Julie Qiu <julieqiu@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com> Auto-Submit: Julie Qiu <julieqiu@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-01-31 22:23:06 -05:00 · 2023-01-31 22:23:06 -05:00 · 97c35d169f
--- a/data/osv/GO-2023-1494.json
+++ b/data/osv/GO-2023-1494.json
@ -0,0 +1,55 @@
 {
  "id": "GO-2023-1494",
  "published": "0001-01-01T00:00:00Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2014-125064",
    "GHSA-g7mw-9pf9-p2pm"
  ],
  "details": "There is a potential for SQL injection through manipulate of the sqlStatement argument.",
  "affected": [
    {
      "package": {
        "name": "github.com/elgs/gosqljson",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20220916234230-750f26ee23c7"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2023-1494"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/elgs/gosqljson",
            "symbols": [
              "ExecDb",
              "QueryDbToArray",
              "QueryDbToArrayJson",
              "QueryDbToMap",
              "QueryDbToMapJson"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a"
    }
  ],
  "schema_version": "1.3.1"
 }
--- a/data/reports/GO-2023-1494.yaml
+++ b/data/reports/GO-2023-1494.yaml
@ -0,0 +1,22 @@
 modules:
  - module: github.com/elgs/gosqljson
    versions:
      - fixed: 0.0.0-20220916234230-750f26ee23c7
    vulnerable_at: 0.0.0-20140902115517-fa34a82f9316
    packages:
      - package: github.com/elgs/gosqljson
        symbols:
          - ExecDb
          - QueryDbToArray
          - QueryDbToMap
        derived_symbols:
          - QueryDbToArrayJson
          - QueryDbToMapJson
 description: There is a potential for SQL injection through manipulate of the sqlStatement
    argument.
 cves:
  - CVE-2014-125064
 ghsas:
  - GHSA-g7mw-9pf9-p2pm
 references:
  - fix: https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a