7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
83.9%
The pygresql module 3.8.1 and 4.0 for Python does not properly support the
PQescapeStringConn function, which might allow remote attackers to leverage
escaping issues involving multibyte character encodings.
Author | Note |
---|---|
jdstrand | 1:4.0-0ubuntu1 and higher has the fix affected versions have an escape_string() and escape_bytea() that uses PQescapeString() and PQescapeBytea() from PostgreSQL’s libpq-fe.h. These are known to be problematic. The fix is to create pg_escape_string() and pg_escape_bytea() which use the safe PQescapeStringConn() and PQescapeByteaConn() functions, and then add them to the pgobj methods. Applications will have to be rewritten to use the new functions, specifically, something like this: cnx = pg.connect(…) … escaped = pg.escape_string(str) to be: cnx = pg.connect(…) … escaped = cnx.escape_string(str) |