Lucene search
Redhat.comRH:CVE-2024-27289HistoryMar 07, 2024 - 6:08 p.m.
CVE-2024-27289
2024-03-0718:08:15
redhat.com
access.redhat.com
9
pgx postgresql driver
sql injection
cve-2024-27289
simple protocol
sql placeholder
v4.18.2
A flaw was found in pgx. SQL injection can occur when all of the following conditions are met in versions before 4.18.2 of pgx. - The non-default simple protocol is used - A placeholder for a numeric value must be immediately preceded by a minus - There must be a second placeholder for a string value after the first placeholder - Both must be on the same line - Both parameter values must be user-controlled
Mitigation
A possible mitigation is to not use the simple protocol or do not place a minus directly before a placeholder.
Related
prion
prion
Sql injection
2024-03-06 19:15:00
cgr
cgr
CVE-2024-27289 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2024-27289 pgx SQL Injection via Line Comment Creation
2024-03-06 18:28:12
osv
osv
SQL injection in github.com/jackc/pgx/v4
2024-03-11 20:08:05
CVE-2024-27289
2024-03-06 19:15:08
pgx SQL Injection via Line Comment Creation
2024-03-04 20:13:11
debiancve
debiancve
CVE-2024-27289
2024-03-06 19:15:08
ubuntucve
ubuntucve
CVE-2024-27289
2024-03-06 00:00:00
cve
cve
CVE-2024-27289
2024-03-06 19:15:08
veracode
veracode
Sql Injection
2024-03-05 09:48:26
github
github
pgx SQL Injection via Line Comment Creation
2024-03-04 20:13:11
wolfi
wolfi
CVE-2024-27289 vulnerabilities
2024-06-01 09:07:38
redhat
redhat
(RHSA-2024:1321) Moderate: ACS 4.3 enhancement and security update
2024-03-13 20:53:28