Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the '-' character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments ('--') and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns.
References
Link | Resource |
---|---|
https://github.com/yahoo/elide/pull/2581 | Patch Third Party Advisory |
https://github.com/yahoo/elide/releases/tag/6.1.4 | Release Notes Third Party Advisory |
https://github.com/yahoo/elide/security/advisories/GHSA-8xpj-9j9g-fc9r | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-04-11T20:13:40
Updated: 2022-04-11T20:13:29
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-24827
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-11T21:15:08.470
Modified: 2022-04-19T15:20:46.813
Link: CVE-2022-24827
JSON object: View
Redhat Information
No data.
CWE