CVE-2023-22626

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-22626
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22626.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-22626
Aliases
Published
2023-01-05T08:15:08Z
Modified
2024-06-06T14:16:51.393359Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)

References

Affected packages

Git / github.com/ankane/pghero

Affected ranges

Type
GIT
Repo
https://github.com/ankane/pghero
Events

Affected versions

v0.*

v0.1.1
v0.1.10
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9

v1.*

v1.0.0
v1.0.1
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.7.0

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.1.0
v2.1.1
v2.2.0
v2.2.1
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.5.0
v2.5.1
v2.6.0
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.1
v2.8.2
v2.8.3

v3.*

v3.0.0
v3.0.1