Shulou(Shulou.com)11/24 Report--

CTOnews.com July 3 news, the network security company SonarSource found that there is a vulnerability in Gentoo Linux distribution CVE-2023-28424, which can be used by hackers to carry out SQL injection attacks.

The researchers found this vulnerability in GentooLinux's Soko search component. The vulnerability has a CVSS risk score of 9.1, which is a particularly significant vulnerability that has been fixed by the GentooLinux development team within 24 hours of exposure.

▲ diagram source SonarSource

▲ source SonarSource it is reported that the Soko component is a public API, which can provide higher efficiency when searching software packages in the system, and can trace and trace the software source errors.

The cause of this vulnerability in ▲ source SonarSource is mainly due to "improper database configuration". Even when object relational mapping (Object-RelationalMapping) is applied, attackers can still use this vulnerability for SQL injection to run malicious code on the victim's device. at present, the vulnerability has been fixed, and interested CTOnews.com friends can find more reports here.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.