90 matches found
CVE-2026-45288
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
CVE-2026-45288
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
CVE-2026-45288 Marten has an SQL injection vulnerability in its full-text search regConfig parameter
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
CVE-2026-45288 Marten has an SQL injection vulnerability in its full-text search regConfig parameter
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
CVE-2026-45288
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
CVE-2026-45288
Marten (a .NET transactional document DB for PostgreSQL) prior to version 8.36.1 interpolated the user-supplied regConfig parameter directly into SQL within full-text search APIs, without parameterization or validation, creating a SQL injection sink on any code path where regConfig is exposed. Th...
EUVD-2026-33022
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
Marten SQL注入漏洞
Marten is a PostgreSQL-based .NET documentation database and event storage tool developed by JasperFx. Versions of Marten prior to 8.36.1 contained an SQL injection vulnerability. This vulnerability occurred due to the full-text search API not being parameterized or verifying the regConfig...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the regConfig parameter in full-text search APIs. An attacker can execute arbitrary SQL commands by supplying crafted input to the regConfig parameter, which is interpolated directly into SQL statements without...
Marten has an injection vulnerability in its full-text search regConfig parameter
Summary Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. Affected APIs - IQuerySession.SearchAsyncstring...
GHSA-VMW2-QWM8-X84C Marten has an injection vulnerability in its full-text search regConfig parameter
Summary Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. Affected APIs - IQuerySession.SearchAsyncstring...
PT-2026-41160
Name of the Vulnerable Software and Affected Versions Marten versions prior to 8.36.1 Description Full-text search APIs interpolate the user-supplied regConfig parameter directly into generated SQL without parameterization or validation. This creates a SQL injection sink in any code path where...
EUVD-2025-120031
Malicious code in breezy-crimson-marten npm...
Malicious code in breezy-crimson-marten (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3875b560289ee53cd714075de6f50623325d7fec152a2d1a0035da53e9289f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117420
Malicious code in elated-gray-marten npm...
Malicious code in elated-gray-marten (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c32a771f61d8884dd839eb457a9126fe4d205325bf194b113122900c6b8a5cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117242
Malicious code in massive-yellow-marten npm...
EUVD-2025-117473
Malicious code in confident-ivory-marten npm...
Malicious code in massive-yellow-marten (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347c0a4bc6c6dc50164f4938053abfe0fb420772bc5eb18e843d0551531f3155 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in splendid_marten_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a27a8fb6fdc9b58fdf0356c0ae70118b28e954e7d110b3b0050c4e2661cc4da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...