Lucene search

PRIOn knowledge basePRION:CVE-2018-25088

HistoryJul 18, 2023 - 1:15 p.m.

Sql injection

2023-07-1813:15:00

PRIOn knowledge base

www.prio-n.com

blue yonder

postgraas_server

sql injection

upgrade

patch id

vulnerability

postgresql backend handler

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

JSON

A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py of the component PostgreSQL Backend Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability.

CPENameOperatorVersion
postgraas_servereq2.0.0 beta1
postgraas_serverlt2.0.0
postgraas_servereq2.0.0 beta2

Name	Operator	Version
postgraas_server	eq	2.0.0 beta1
postgraas_server	lt	2.0.0
postgraas_server	eq	2.0.0 beta2

References

github.com/blue-yonder/postgraas_server/commit/7cd8d016edc74a78af0d81c948bfafbcc93c937c

github.com/blue-yonder/postgraas_server/releases/tag/v2.0.0

vuldb.com/?ctiid.234246

vuldb.com/?id.234246