Bug 49445
| Summary: | sql injection in remove_s4_rejected.py | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Florian Best <best> |
| Component: | S4 Connector | Assignee: | Florian Best <best> |
| Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
| Severity: | normal | ||
| Priority: | P5 | Flags: | best:
Patch_Available+
|
| Version: | UCS 4.4 | ||
| Target Milestone: | UCS 4.4-0-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | Development Internal | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
| Bug Depends on: | |||
| Bug Blocks: | 26501, 49640, 49865 | ||
| Attachments: | patch | ||
univention-s4-connector.yaml ce2aeeadeb46 | Bug #49445: fix sql evaluation in remove_{ucs,s4}_rejected.py univention-s4-connector (13.0.2-16) ce2aeeadeb46 | Bug #49445: fix sql evaluation in remove_{ucs,s4}_rejected.py OK |
Created attachment 10020 [details] patch root@master100:/usr/share/univention-s4-connector# ./remove_s4_rejected.py 'OU=ôscŵ\?ê\3Dô\<4,OU=öGF!*'"'"')%%ẑ,DC=school,DC=dev' Traceback (most recent call last): File "./remove_s4_rejected.py", line 66, in <module> remove_s4_rejected(s4_dn) File "./remove_s4_rejected.py", line 46, in remove_s4_rejected c.execute("SELECT key FROM 'S4 rejected' WHERE value='%s'" % s4_dn) sqlite3.OperationalError: near ")": syntax error