Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-27289

Published: 06/03/2024 Updated: 06/03/2024

Vulnerability Summary

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.

Vendor Advisories

Debian CVElist Bug Report Logs: golang-github-jackc-pgx: CVE-2024-27289
Debian Bug report logs - #1065686 golang-github-jackc-pgx: CVE-2024-27289 Package: src:golang-github-jackc-pgx; Maintainer for src:golang-github-jackc-pgx is Debian Go Packaging Team <team+pkg-go@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 8 Mar 2024 21:42:01 UTC Severity: i ...

References

https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9phttps://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81dfhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065686https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook