Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SciTokens vulnerable to SQL Injection in KeyCache
Vulnerability Description
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format() to construct SQL queries with user-supplied data (such as issuer and key_id). This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. This issue has been patched in version 1.9.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
scitokens 安全漏洞
Vulnerability Description
scitokens是SciTokens开源的一个基于JWT的科学计算令牌库。 SciTokens 1.9.6之前版本存在安全漏洞,该漏洞源于KeyCache类使用Python的str.format()构建包含用户提供数据的SQL查询,可能导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A