4 matches found
CVE-2025-29744
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
@0x18b2ee/parse-server (>=3.10.1 <=3.11.0), @514labs/aurora-mcp (>=0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939 <=0.0.64) +412 more potentially affected by CVE-2025-29744 via pg-promise (>=0.9.8 <=11.5.4)
pg-promise NPM version =0.9.8, =3.10.1, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.0, =1.1.2, =0.0.2, =0.0.3, =0.1.1, =9.3.8, =2.13.15, =2.0.0, =1.1.152, =1.0.1, =1.0.5, =1.0.10 and more Source cves: CVE-2025-29744 Source advisory: OSV:GHSA-FF9H-848C-4XFJ...
CVE-2025-29744
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
CVE-2025-29744
CVE-2025-29744 affects pg-promise (Node.js PostgreSQL interface); root cause is improper handling of negative numbers, leading to SQL Injection in versions before 11.5.5. Public documents consistently describe a vulnerability in the query construction/parameter handling that can allow attacker-su...