GHSA-vf99-xw26-86g5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vf99-xw26-86g5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-vf99-xw26-86g5/GHSA-vf99-xw26-86g5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vf99-xw26-86g5
- Aliases
- Published
- 2023-01-05T09:30:28Z
- Modified
- 2023-11-08T04:11:37.345527Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- PgHero Allows Information Disclosure Through EXPLAIN Feature
- Details
-
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)
- Database specific
{ "nvd_published_at": "2023-01-05T08:15:00Z", "github_reviewed_at": "2023-01-09T20:03:14Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-209" ] }- References
Affected packages
RubyGems / pghero
Package
- Name
- pghero
- Purl
- pkg:gem/pghero
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.0
Affected versions
0.*
0.0.1
0.0.2
0.0.3
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
1.*
1.0.0
1.0.1
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0
2.4.0
2.4.1
2.4.2
2.5.0
2.5.1
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.8.0
2.8.1
2.8.2
2.8.3
3.*
3.0.0
3.0.1