Sign In

GHSA-j88v-2chj-qfwx

ADVISORY - github

Summary

Impact

SQL Injection can occur when:

  1. The non-default simple protocol is used.
  2. A dollar quoted string literal is used in the SQL query.
  3. That string literal contains text that would be would be interpreted as a placeholder outside of a string literal.
  4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

Patches

The problem is resolved in v5.9.2.

Workarounds

Do not use the simple protocol to execute queries matching all the above conditions.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Impacted images

Advisories

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-j88v-2chj-qfwx
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-89

CVSS SCORE

2.3low