Description
uptrace pgdriver v1.2.1 was found to contain a SQL injection vulnerability in the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15.
References
media.defcon.org/...ggling Queries at the Protocol Level.pdf
github.com/uptrace/bun/tree/master/driver/pgdriver
github.com/...fd2d205e924b2fd4043b/driver/pgdriver/format.go
www.sonarsource.com/...-trouble-a-subtle-sql-injection-flaw/
github.com/advisories/GHSA-h4h6-vccr-44h2