CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
83.5%
Pike is a general purpose programming language, able to be used for multiple tasks.
Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database.
A remote attacker could provide malicious input to a pike program, which might result in the execution of arbitrary SQL statements.
There is no known workaround at this time.
All pike users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/pike-7.6.86"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | dev-lang/pike | < 7.6.86 | UNKNOWN |