5 matches found
CVE-2024-27289
CVE-2024-27289 affects the Go pgx PostgreSQL driver. Before 4.18.2, a SQL injection can occur when using the non-default simple protocol with a minus immediately before a numeric placeholder and a second placeholder for a string on the same line, with both values user-controlled. The issue is fix...
CVE-2024-27304
CVE-2024-27304 affects pgx, a PostgreSQL driver/toolkit for Go. The vulnerability enables SQL injection when an attacker can cause a single query or Bind message to exceed 4 GB due to an integer overflow in message size calculation, which can cause the large message to be split into multiple mess...
CVE-2026-33815
A memory-safety vulnerability in the Go PostgreSQL driver/toolkit github.com/jackc/pgx/v5 is described across multiple sources. Several references (including OSV advisories and attacker-trusted feeds) note that pgx prior to v5.9.0 contains the issue, implying that versions 5.9.0+ or newer mitigat...
CVE-2026-33816
Technical details for CVE-2026-33816 are not publicly available in the provided documents; no affected versions, exploit info, impact, or fixes are disclosed. Monitor for updates.
CVE-2026-41889
CVE-2026-41889 affects the pgx PostgreSQL driver for Go. Before version 5.9.2, using the non-default simple protocol with a dollar-quoted string containing text that can be interpreted as a placeholder outside of a string literal allows SQL injection when the placeholder value is attacker-control...