{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27289", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-22T18:08:38.873Z", "datePublished": "2024-03-06T18:28:12.291Z", "dateUpdated": "2024-08-02T00:27:59.934Z"}, "containers": {"cna": {"title": "pgx SQL Injection via Line Comment Creation", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"}, {"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "tags": ["x_refsource_MISC"], "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"}], "affected": [{"vendor": "jackc", "product": "pgx", "versions": [{"version": "< 4.18.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T18:28:12.291Z"}, "descriptions": [{"lang": "en", "value": "pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.\n"}], "source": {"advisory": "GHSA-m7wr-2xf7-cm9p", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "jackc", "product": "pgx", "cpes": ["cpe:2.3:a:jackc:pgx:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.18.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-24T14:13:55.313789Z", "id": "CVE-2024-27289", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T14:16:37.528Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.934Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"}, {"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p", "name": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.934Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27289", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-24T14:13:55.313789Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:jackc:pgx:*:*:*:*:*:*:*:*"], "vendor": "jackc", "product": "pgx", "versions": [{"status": "affected", "version": "0", "lessThan": "4.18.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T14:16:20.444Z"}}], "cna": {"title": "pgx SQL Injection via Line Comment Creation", "source": {"advisory": "GHSA-m7wr-2xf7-cm9p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "jackc", "product": "pgx", "versions": [{"status": "affected", "version": "< 4.18.2"}]}], "references": [{"url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p", "name": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T18:28:12.291Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27289", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:27:59.934Z", "dateReserved": "2024-02-22T18:08:38.873Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-06T18:28:12.291Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.\n"}, {"lang": "es", "value": "pgx es un controlador PostgreSQL y un conjunto de herramientas para Go. Antes de la versi\u00f3n 4.18.2, la inyecci\u00f3n SQL puede ocurrir cuando se cumplen todas las condiciones siguientes: se utiliza el protocolo simple no predeterminado; un marcador de posici\u00f3n para un valor num\u00e9rico debe ir precedido inmediatamente de un signo menos; debe haber un segundo marcador de posici\u00f3n para un valor de cadena despu\u00e9s del primer marcador de posici\u00f3n; ambos deben estar en la misma l\u00ednea; y ambos valores de par\u00e1metros deben ser controlados por el usuario. El problema se resuelve en v4.18.2. Como soluci\u00f3n alternativa, no utilice el protocolo simple ni coloque un signo menos directamente antes de un marcador de posici\u00f3n."}], "id": "CVE-2024-27289", "lastModified": "2024-11-21T09:04:15.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-06T19:15:08.140", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"}, {"source": "security-advisories@github.com", "url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.3.5-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-collector-rhel8:4.3.5-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-collector-slim-rhel8:4.3.5-1", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.3.5-4", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.3.5-4", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.3.5-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.3.5-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.3.5-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.3.5-1", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.3.5-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1321", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.3.5-3", "product_name": "Red Hat Advanced Cluster Security 4.3", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:7944", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-csr-approver-rhel9:v4.16.0-202410031007.p0.g342902b.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:7922", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-agent-installer-csr-approver-rhel9:v4.17.0-202410031034.p0.gfbc55c6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-16T00:00:00Z"}], "bugzilla": {"description": "pgx: SQL Injection via Line Comment Creation", "id": "2268465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268465"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-89", "details": ["pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.", "A flaw was found in pgx. SQL injection can occur when all of the following conditions are met in versions before 4.18.2 of pgx.\u00a0\n- The non-default simple protocol is used\n- A placeholder for a numeric value must be immediately preceded by a minus\n- There must be a second placeholder for a string value after the first placeholder\n- Both must be on the same line\n- Both parameter values must be user-controlled"], "mitigation": {"lang": "en:us", "value": "A possible mitigation is to not use the simple protocol or do not place a minus directly before a placeholder."}, "name": "CVE-2024-27289", "package_state": [{"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/agent-service-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/assisted-installer-agent-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/assisted-installer-reporter-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Will not fix", "package_name": "multicluster-engine/assisted-installer-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-search-indexer-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-search-v2-api-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Out of support scope", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Out of support scope", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Out of support scope", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "aap-cloud-ui-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-api-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-agent-installer-node-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-agent-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-operator-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2024-03-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27289\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27289\nhttps://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\nhttps://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p\nhttps://pkg.go.dev/vuln/GO-2024-2605"], "threat_severity": "Moderate", "upstream_fix": "pgx 4.18.2"}