
Description

pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.

PUBLISHED | Reserved 2025-03-11 | Published 2025-06-12 | Updated 2025-06-17 | Assigner mitre

References

github.com/vitaly-t/pg-promise/discussions/911

www.sonarsource.com/...-trouble-a-subtle-sql-injection-flaw/

cve.org (CVE-2025-29744)

nvd.nist.gov (CVE-2025-29744)
