Описание
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | ignored | end of life |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | released | 8.3.18-0ubuntu0.8.04 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| upstream | released | 8.3.18 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 8.4.11-0ubuntu0.10.04 |
| maverick | released | 8.4.11-0ubuntu0.10.10 |
| natty | released | 8.4.11-0ubuntu0.11.04 |
| oneiric | ignored | end of life |
| precise | not-affected | 8.4.11-1 |
| quantal | DNE | |
| raring | DNE | |
| upstream | released | 8.4.11 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 9.1.3-1 |
| hardy | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | released | 9.1.3-0ubuntu0.11.10 |
| precise | released | 9.1.3-1 |
| quantal | released | 9.1.3-1 |
| raring | released | 9.1.3-1 |
| upstream | released | 9.1.3 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3 ...
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
EPSS
6.8 Medium
CVSS2