GHSA-7wq2-32h4-9hc9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7wq2-32h4-9hc9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-7wq2-32h4-9hc9/GHSA-7wq2-32h4-9hc9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7wq2-32h4-9hc9
- Aliases
- Related
- Published
- 2025-11-13T22:22:34Z
- Modified
- 2025-11-17T19:58:55.001711Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance
- Details
-
Description of Vulnerability:
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.
AWS recommends customers upgrade to the following versions: AWS Go Wrapper to 2025-10-17.
Source of Vulnerability Report:
Allistair Ishmael Hakim allistair.hakim@gmail.com
Affected products & versions:
AWS Go Wrapper < 2025-10-17.
Platforms:
MacOS/Windows/Linux
- Database specific
{ "cwe_ids": [ "CWE-470" ], "github_reviewed": true, "github_reviewed_at": "2025-11-13T22:22:34Z", "severity": "HIGH", "nvd_published_at": null }- References
Affected packages
Go / github.com/aws/aws-advanced-go-wrapper/awssql
Package
- Name
- github.com/aws/aws-advanced-go-wrapper/awssql
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/aws/aws-advanced-go-wrapper/awssql