Search criteria
6 vulnerabilities found for pgx by pgx_project
FKIE_CVE-2024-27304
Vulnerability from fkie_nvd - Published: 2024-03-06 19:15 - Updated: 2025-12-04 17:33
Severity ?
Summary
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pgproto3_project | pgproto3 | * | |
| pgx_project | pgx | * | |
| pgx_project | pgx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pgproto3_project:pgproto3:*:*:*:*:*:go:*:*",
"matchCriteriaId": "595DDCC9-AC88-4702-8771-EE3C382AAB9B",
"versionEndExcluding": "2.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pgx_project:pgx:*:*:*:*:*:go:*:*",
"matchCriteriaId": "A544EDA8-8EF2-407D-8534-2AF89534F7AC",
"versionEndExcluding": "4.18.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pgx_project:pgx:*:*:*:*:*:go:*:*",
"matchCriteriaId": "FC1EF367-3F2F-4280-BEBB-CE1875BFAC3B",
"versionEndExcluding": "5.5.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size."
},
{
"lang": "es",
"value": "pgx es un controlador PostgreSQL y un conjunto de herramientas para Go. La inyecci\u00f3n de SQL puede ocurrir si un atacante puede hacer que una sola consulta o mensaje de enlace supere los 4 GB de tama\u00f1o. Un desbordamiento de enteros en el tama\u00f1o del mensaje calculado puede provocar que un mensaje grande se env\u00ede como varios mensajes bajo el control del atacante. El problema se resuelve en v4.18.2 y v5.5.4. Como soluci\u00f3n alternativa, rechace la entrada del usuario lo suficientemente grande como para provocar que una sola consulta o mensaje vinculado supere los 4 GB de tama\u00f1o."
}
],
"id": "CVE-2024-27304",
"lastModified": "2025-12-04T17:33:44.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-03-06T19:15:08.767",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv"
},
{
"source": "security-advisories@github.com",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.youtube.com/watch?v=Tfg1B8u1yvE"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-27289
Vulnerability from fkie_nvd - Published: 2024-03-06 19:15 - Updated: 2025-12-11 15:45
Severity ?
Summary
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pgx_project | pgx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pgx_project:pgx:*:*:*:*:*:go:*:*",
"matchCriteriaId": "A544EDA8-8EF2-407D-8534-2AF89534F7AC",
"versionEndExcluding": "4.18.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.\n"
},
{
"lang": "es",
"value": "pgx es un controlador PostgreSQL y un conjunto de herramientas para Go. Antes de la versi\u00f3n 4.18.2, la inyecci\u00f3n SQL puede ocurrir cuando se cumplen todas las condiciones siguientes: se utiliza el protocolo simple no predeterminado; un marcador de posici\u00f3n para un valor num\u00e9rico debe ir precedido inmediatamente de un signo menos; debe haber un segundo marcador de posici\u00f3n para un valor de cadena despu\u00e9s del primer marcador de posici\u00f3n; ambos deben estar en la misma l\u00ednea; y ambos valores de par\u00e1metros deben ser controlados por el usuario. El problema se resuelve en v4.18.2. Como soluci\u00f3n alternativa, no utilice el protocolo simple ni coloque un signo menos directamente antes de un marcador de posici\u00f3n."
}
],
"id": "CVE-2024-27289",
"lastModified": "2025-12-11T15:45:33.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-03-06T19:15:08.140",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2024-27304 (GCVE-0-2024-27304)
Vulnerability from cvelistv5 – Published: 2024-03-06 19:07 – Updated: 2024-12-12 20:52
VLAI?
Title
pgx SQL Injection via Protocol Message Size Overflow
Summary
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jackc:pgx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"lessThan": "4.18.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jackc:pgx:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"lessThan": "5.5.4",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T20:31:57.168692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T16:31:36.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv"
},
{
"name": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8"
},
{
"name": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007"
},
{
"name": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4"
},
{
"name": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8"
},
{
"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"status": "affected",
"version": "\u003c 4.18.2"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T20:52:24.821Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv"
},
{
"name": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8"
},
{
"name": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007"
},
{
"name": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4"
},
{
"name": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8"
},
{
"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
},
{
"name": "https://www.youtube.com/watch?v=Tfg1B8u1yvE",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=Tfg1B8u1yvE"
}
],
"source": {
"advisory": "GHSA-mrww-27vc-gghv",
"discovery": "UNKNOWN"
},
"title": "pgx SQL Injection via Protocol Message Size Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27304",
"datePublished": "2024-03-06T19:07:08.491Z",
"dateReserved": "2024-02-22T18:08:38.875Z",
"dateUpdated": "2024-12-12T20:52:24.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27289 (GCVE-0-2024-27289)
Vulnerability from cvelistv5 – Published: 2024-03-06 18:28 – Updated: 2025-06-12 15:45
VLAI?
Title
pgx SQL Injection via Line Comment Creation
Summary
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.
Severity ?
8.1 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jackc:pgx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"lessThan": "4.18.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T14:13:55.313789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:55:01.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-12T15:45:56.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/"
},
{
"name": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"
},
{
"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"status": "affected",
"version": "\u003c 4.18.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T18:28:12.291Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"
},
{
"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
}
],
"source": {
"advisory": "GHSA-m7wr-2xf7-cm9p",
"discovery": "UNKNOWN"
},
"title": "pgx SQL Injection via Line Comment Creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27289",
"datePublished": "2024-03-06T18:28:12.291Z",
"dateReserved": "2024-02-22T18:08:38.873Z",
"dateUpdated": "2025-06-12T15:45:56.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27304 (GCVE-0-2024-27304)
Vulnerability from nvd – Published: 2024-03-06 19:07 – Updated: 2024-12-12 20:52
VLAI?
Title
pgx SQL Injection via Protocol Message Size Overflow
Summary
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jackc:pgx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"lessThan": "4.18.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jackc:pgx:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"lessThan": "5.5.4",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T20:31:57.168692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T16:31:36.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv"
},
{
"name": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8"
},
{
"name": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007"
},
{
"name": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4"
},
{
"name": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8"
},
{
"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"status": "affected",
"version": "\u003c 4.18.2"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T20:52:24.821Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv"
},
{
"name": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8"
},
{
"name": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007"
},
{
"name": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4"
},
{
"name": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8"
},
{
"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
},
{
"name": "https://www.youtube.com/watch?v=Tfg1B8u1yvE",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=Tfg1B8u1yvE"
}
],
"source": {
"advisory": "GHSA-mrww-27vc-gghv",
"discovery": "UNKNOWN"
},
"title": "pgx SQL Injection via Protocol Message Size Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27304",
"datePublished": "2024-03-06T19:07:08.491Z",
"dateReserved": "2024-02-22T18:08:38.875Z",
"dateUpdated": "2024-12-12T20:52:24.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27289 (GCVE-0-2024-27289)
Vulnerability from nvd – Published: 2024-03-06 18:28 – Updated: 2025-06-12 15:45
VLAI?
Title
pgx SQL Injection via Line Comment Creation
Summary
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.
Severity ?
8.1 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jackc:pgx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"lessThan": "4.18.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T14:13:55.313789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:55:01.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-12T15:45:56.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/"
},
{
"name": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"
},
{
"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "pgx",
"vendor": "jackc",
"versions": [
{
"status": "affected",
"version": "\u003c 4.18.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T18:28:12.291Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p"
},
{
"name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df"
}
],
"source": {
"advisory": "GHSA-m7wr-2xf7-cm9p",
"discovery": "UNKNOWN"
},
"title": "pgx SQL Injection via Line Comment Creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27289",
"datePublished": "2024-03-06T18:28:12.291Z",
"dateReserved": "2024-02-22T18:08:38.873Z",
"dateUpdated": "2025-06-12T15:45:56.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}