SQL Injection Vulnerability in grit grit-assays Data Table Entity Endpoint

Vulnerability Overview Vulnerability Name: SQL Injection in grit2 Data Table Entity Endpoint CVE ID: Pending assignment Vulnerability Type: SQL Injection Severity: HIGH 8.8 Affected Product: grit - Open-source scientific research data management platform built by grit42 A/S Affected Versions: v0.8.0 through v0.11.0 (every public release of the grit-assays module; sink introduced in commit ec0a8f7) Vulnerable Endpoint: GET /api/grit/assays/data_table_entities?data_table_id=PAYLOAD&scope=detailed (and any other scope on the same resource that invokes the detailed or available class methods on Grit::Assays::DataTableEntity) Impact Vulnerability Description: - The vulnerability allows attackers to obtain sensitive information from the database via SQL injection, including hashed passwords, password reset tokens, activation tokens, and two-factor authentication tokens. - Attackers can leverage this vulnerability to perform Boolean blind SQL injection, extracting the administrator's , thereby achieving full administrative takeover. Technical Details: - The vulnerable code is located at lines 46 and 56 in . - In the vulnerable code, is directly concatenated into the SQL query, leading to SQL injection. Remediation Minimal Fix: - Convert to an integer before concatenating it into the SQL query. - Specific fixed code example: POC Code Authenticate as a low-privilege user and capture the token: Trigger a payload that always evaluates to true: Trigger a payload that always evaluates to false: References Source: https://github.com/grit42/grit Vulnerable Code: https://github.com/grit42/grit/blob/main/modules/assays/backend/app/models/grit/assays/data_table_entity.rb Docker Image: https://hub.docker.com/r/grit42com/grit Starter Kit: https://github.com/grit42/grit-starter CWE-89: https://cwe.mitre.org/data/definitions/89.html A05:2025 Injection: https://owasp.org/Top10/2025/A05_2025-Injection SQL Injection Prevention Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html Disclaimer This vulnerability was discovered through authorized security testing. The proof-of-concept code is intended to help defenders verify their exposure and apply fixes. Thoropass adheres to Coordinated Vulnerability Disclosure (CVD) principles. The vulnerability is reported privately to maintainers, allowing reasonable time for remediation, and a public announcement is made after coordination or when a fix is available. About Thoropass Thoropass provides enterprise-grade auditing with AI-native speed and precision. Designed from day one to integrate auditors, automation, and internal workflows into a single closed-loop system without additional add-ons or manual intervention. Our experienced penetration testing team proactively discovers vulnerabilities in web applications, APIs, and infrastructure, helping organizations protect their systems ahead of attackers. Thoropass Vulnerability Research Program Improving ecosystem security through responsible research and disclosure. --- Thoropass Website: https://www.thoropass.com LinkedIn: https://www.linkedin.com/company/thoropass Connect: https://www.thoropass.com/connect --- Thoropass Vulnerability Research Program Request a Penetration Test: https://www.thoropass.com/request-a-penetration-test Get Started: https://www.thoropass.com/start

Goal Reached Thanks to every supporter — we hit 100%!

SQL Injection Vulnerability in grit grit-assays Data Table Entity Endpoint

More from this source