pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-03-06T18:28:12.291Z
Updated: 2024-08-02T00:27:59.934Z
Reserved: 2024-02-22T18:08:38.873Z
Link: CVE-2024-27289
Vulnrichment
Updated: 2024-08-02T00:27:59.934Z
NVD
Status : Awaiting Analysis
Published: 2024-03-06T19:15:08.140
Modified: 2024-03-06T21:42:48.053
Link: CVE-2024-27289
Redhat