DirectorySecurity Advisories
Sign In
Security Advisories

CGA-wfqp-8x3q-4gwj

Published

Last updated

https://images.chainguard.dev/security/CGA-wfqp-8x3q-4gwj
Package

vault-1.13

Latest Update
Fixed
Fixed Version

1.13.13-r2

Aliases
  • CVE-2024-27289
  • GHSA-m7wr-2xf7-cm9p

Severity

8.1

High

CVSS V3

Summary

pgx SQL Injection via Line Comment Creation

Description

Impact

SQL injection can occur when all of the following conditions are met:

  1. The non-default simple protocol is used.
  2. A placeholder for a numeric value must be immediately preceded by a minus.
  3. There must be a second placeholder for a string value after the first placeholder; both must be on the same line.
  4. Both parameter values must be user-controlled.

e.g.

Simple mode must be enabled:

// connection string includes "prefer_simple_protocol=true"
// or
// directly enabled in code
config.ConnConfig.PreferSimpleProtocol = true

Parameterized query:

SELECT * FROM example WHERE result=-$1 OR name=$2;

Parameter values:

$1 => -42 $2 => "foo\n 1 AND 1=0 UNION SELECT * FROM secrets; --"

Resulting query after preparation:

SELECT * FROM example WHERE result=--42 OR name= 'foo
1 AND 1=0 UNION SELECT * FROM secrets; --';

Patches

The problem is resolved in v4.18.2.

Workarounds

Do not use the simple protocol or do not place a minus directly before a placeholder.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images