HIGH Vulnerable Package issue exists @ github.com/jackc/pgproto3/v2 in branch master
Description
pgx is a PostgreSQL driver and toolkit for Go. SQL injection is possible if an attacker can cause a single Query or Bind message to exceed 4 GB. pgproto3 measures each frontend message and narrows the result to an int32 when it writes the wire header; once the real size passes 4 GB the length wraps, the header no longer describes the bytes that follow, and the server consumes only the declared number of bytes and parses the remaining, attacker-controlled bytes as further messages, which can include an injected Query. This issue affects github.com/jackc/pgproto3 versions through v2.3.2, github.com/jackc/pgx/v4 versions v4.0.0-pre1 through v4.18.1, and github.com/jackc/pgx/v5 versions 5.0.0-alpha.1 through v5.5.3 (fixed in v2.3.3, v4.18.2 and v5.5.4 respectively). As a workaround, reject user input large enough to make a single Query or Bind message exceed 4 GB.
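The following Go program is an added example, not code from pgx or pgproto3. It reproduces the length-field arithmetic the advisory describes (the encoder narrows a Go int message length to int32) and shows the advisory's workaround as a guard that computes a message's wire size and refuses anything the int32 header cannot hold. The message layouts follow the PostgreSQL frontend protocol (Query: type byte, int32 length, SQL text, NUL; Bind: type byte, length, portal and statement names, format-code and parameter counts, length-prefixed values). Assumptions made here: the Bind estimate uses an unnamed portal and statement with no explicit format codes, so it is a lower bound; the `MaxWireMessage` limit, the function names and the sample sizes are this example's own. Sizes are computed rather than allocated, so no 4 GB buffer is needed to see the wrap.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// MaxWireMessage is the largest whole frontend message this guard accepts.
// The PostgreSQL wire protocol stores a message's length (everything after the
// 1-byte type code, including the 4-byte length field itself) as a signed
// 32-bit integer, so any size the int32 header cannot describe is rejected
// before encoding. This limit is an assumption for this example; it sits well
// below the 4 GB point at which the vulnerable encoder's length field wraps.
const MaxWireMessage = uint64(math.MaxInt32) + 1 // type byte + largest int32 body

// ErrMessageTooLarge is returned when a Query or Bind message would overflow
// the protocol's int32 length field.
var ErrMessageTooLarge = errors.New("pgwire: message exceeds int32 length field")

// QueryMessageSize returns the on-the-wire size of a simple-protocol Query
// message: 1 type byte, 4 length bytes, the SQL text and its NUL terminator.
func QueryMessageSize(sql string) uint64 {
	return 1 + 4 + uint64(len(sql)) + 1
}

// BindMessageSize returns the on-the-wire size of an extended-protocol Bind
// message carrying the given parameter values, assuming (for this example)
// an unnamed portal and statement and no explicit parameter or result format
// codes: type byte, length, two empty C strings, three int16 counts, and a
// 4-byte length prefix per parameter. Drivers may add format codes, so treat
// the result as a lower bound.
func BindMessageSize(params [][]byte) uint64 {
	n := uint64(1 + 4 + 1 + 1 + 2 + 2 + 2)
	for _, p := range params {
		n += 4 + uint64(len(p))
	}
	return n
}

// HeaderLength reproduces the vulnerable computation: the encoder measures the
// bytes after the type code as a Go int and narrows it to int32 when it writes
// the header. Below 2 GiB that is exact; past 4 GiB the value wraps around.
func HeaderLength(totalSize uint64) int32 {
	return int32(totalSize - 1) // non-constant conversion keeps only the low 32 bits
}

// TrailingBytes returns how many bytes of a totalSize-byte message the server
// would see after the body the wrapped header told it to read. Those bytes are
// still attacker-controlled and are parsed as the start of the next message.
// It returns 0 when the header is intact or unusable (length below 4).
func TrailingBytes(totalSize uint64) uint64 {
	declared := HeaderLength(totalSize)
	if declared < 4 { // PostgreSQL rejects lengths smaller than the field itself
		return 0
	}
	consumed := 1 + uint64(declared) // type byte + declared length
	if consumed >= totalSize {
		return 0
	}
	return totalSize - consumed
}

// CheckMessageSize is the advisory's workaround applied to a computed size:
// refuse anything the int32 header cannot describe.
func CheckMessageSize(totalSize uint64) error {
	if totalSize > MaxWireMessage {
		return ErrMessageTooLarge
	}
	return nil
}

// GuardQuery checks both messages an extended-protocol execution produces
// before the SQL text and parameters are handed to the driver.
func GuardQuery(sql string, params [][]byte) error {
	if err := CheckMessageSize(QueryMessageSize(sql)); err != nil {
		return fmt.Errorf("query text: %w", err)
	}
	if err := CheckMessageSize(BindMessageSize(params)); err != nil {
		return fmt.Errorf("bind parameters: %w", err)
	}
	return nil
}

func main() {
	oversize := uint64(1)<<32 + 38 // constructed: a Query message just past 4 GiB
	fmt.Printf("header for %d-byte message: %d (trailing bytes re-parsed: %d)\n",
		oversize, HeaderLength(oversize), TrailingBytes(oversize))
	fmt.Println("guard:", CheckMessageSize(oversize))
	fmt.Println("normal query:", GuardQuery("SELECT $1", [][]byte{[]byte("x")}))
}
```

Call `GuardQuery` on the SQL text and the encoded parameter values before `Exec`/`Query`; it is only a stopgap until the fixed driver version is deployed, since the patched encoder performs this check itself.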
Vulnerability ID: CVE-2024-27304
Package Name: github.com/jackc/pgproto3/v2
Severity: HIGH
CVSS Score: 9.8
Publish Date: 2024-03-06T13:00:00
Current Package Version: v2.0.5
Remediation Upgrade Recommendation: v2.3.3
Reference: NVD, https://nvd.nist.gov/vuln/detail/CVE-2024-27304