Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.
History

Thu, 10 Jul 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Stashapp
Stashapp stash
CPEs cpe:2.3:a:stashapp:stash:*:*:*:*:*:*:*:*
Vendors & Products Stashapp
Stashapp stash

Fri, 22 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}


Fri, 16 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 15 Aug 2024 18:15:00 +0000

Type Values Removed Values Added
Description Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-15T00:00:00

Updated: 2024-11-22T20:58:52.799Z

Reserved: 2024-04-12T00:00:00

Link: CVE-2024-32231

cve-icon Vulnrichment

Updated: 2024-08-16T13:45:27.933Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-15T18:15:19.507

Modified: 2025-07-10T15:42:03.543

Link: CVE-2024-32231

cve-icon Redhat

No data.