GHSA-8wj8-cfxr-9374
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8wj8-cfxr-9374
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-8wj8-cfxr-9374/GHSA-8wj8-cfxr-9374.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8wj8-cfxr-9374
- Related
- Published
- 2025-11-13T22:22:37Z
- Modified
- 2025-11-13T22:22:37Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
- Details
-
Description of Vulnerability:
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.
AWS recommends that customers upgrade to the following version: AWS NodeJS Wrapper to v2.0.1.
Source of Vulnerability Report:
Allistair Ishmael Hakim allistair.hakim@gmail.com
Affected products & versions:
AWS NodeJS Wrapper < 2.0.1.
Platforms:
MacOS/Windows/Linux
- Database specific
{ "github_reviewed": true, "severity": "HIGH", "cwe_ids": [ "CWE-470" ], "nvd_published_at": null, "github_reviewed_at": "2025-11-13T22:22:37Z" }- References
Affected packages
npm / aws-advanced-nodejs-wrapper
Package
- Name
- aws-advanced-nodejs-wrapper
- View open source insights on deps.dev
- Purl
- pkg:npm/aws-advanced-nodejs-wrapper