Lucene search
+L

5 matches found

RedHat Linux
RedHat Linux
added 2026/05/12 5:34 a.m.3 views

github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditions

A flaw was found in pgx, a PostgreSQL driver and toolkit for Go. This SQL injection vulnerability can occur when using the non-default simple protocol, a dollar-quoted string literal in the SQL query, and when that string literal contains text interpreted as a placeholder with an...

9.8CVSS6.1AI score0.00356EPSS
Exploits0References7
NVD
NVD
added 2026/05/08 5:16 p.m.23 views

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

9.8CVSS0.00356EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/08 5:16 p.m.11 views

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

9.8CVSS5.7AI score0.00356EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 3:53 p.m.28 views

CVE-2026-41889

CVE-2026-41889 affects the pgx PostgreSQL driver for Go. Before version 5.9.2, using the non-default simple protocol with a dollar-quoted string containing text that can be interpreted as a placeholder outside of a string literal allows SQL injection when the placeholder value is attacker-control...

9.8CVSS5.7AI score0.00356EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:53 p.m.9 views

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

2.3CVSS5.7AI score0.00356EPSS
Exploits0References3
Rows per page
Query Builder