7 matches found
CVE-2026-32687
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...
Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3`
Summary SQL injection in Postgrex.Notifications.listen/3: the channel argument is interpolated straight into LISTEN "..." / UNLISTEN "..." without escaping the " character. Any caller that lets a user influence the channel name e.g. a pub/sub bridge that uses a tenant id or topic slug as the...
GHSA-R73H-97W8-M54H Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3`
Summary SQL injection in Postgrex.Notifications.listen/3: the channel argument is interpolated straight into LISTEN "..." / UNLISTEN "..." without escaping the " character. Any caller that lets a user influence the channel name e.g. a pub/sub bridge that uses a tenant id or topic slug as the...
CVE-2026-32687
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...
EEF-CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
Summary Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...
CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...
CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...