5 matches found
@keyv/postgres (>=1.0.7 <=1.0.9), keyv-postgres (>=1.0.5 <=1.0.6) +2 more potentially affected by CVE-2017-16082 via pg (>=7.1.0 <=7.1.1)
pg NPM version =7.1.0, =1.0.7, =1.0.5, =0.0.1, =0.0.3 Source CVEs: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...
@arpinum/postgres (>=4.0.0-beta12 <=4.0.0-beta14), appointmed-epr-template-common (>=0.0.46 <=0.0.65) +9 more potentially affected by CVE-2017-16082 via pg (>=6.2.2 <=6.2.3)
pg NPM version =6.2.2, =4.0.0-beta12, =0.0.46, =0.0.35, =0.13.3, =0.0.1, =0.0.1, =1.0.0, =1.0.3 - pg-promise-strict =0.3.4 - pgo =0.2.1 Source CVEs: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...
@folk-org/js-dav (>=1.0.0 <=1.0.3), @lettercms/models (>=0.0.1 <=0.0.12) +187 more potentially affected by CVE-2017-16082 via pg (>=4.0.0 <=4.5.6)
pg NPM version =4.0.0, =1.0.0, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.15 and more Source CVEs: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...
acidjs (>=0.0.2 <=1.0.1), acl-knex (>=0.1.2 <=0.1.3) +41 more potentially affected by CVE-2017-16082 via pg (>=3.0.3 <=3.6.3)
pg NPM version =3.0.3, =0.0.2, =0.1.2, =0.0.1, =0.0.2, =0.1.0, =0.0.4, =0.3.0, =0.0.11, =0.0.12, =0.1.2, =0.0.2, =0.0.1, =0.0.64 and more Source CVEs: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...
CVE-2017-16082
CVE-2017-16082 is a remote code execution vulnerability in the pg module that triggers when the remote database or query returns a crafted column name. The provided connected documents show two vulnerable scenarios: (1) unsafe, user-supplied SQL containing a malicious column name, and (2) queryin...