3 matches found
CVE-2026-58225
This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...
CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...
CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...