GHSA-vghm-8cjp-hjw6

Suggest an improvement
Source
https://github.com/advisories/GHSA-vghm-8cjp-hjw6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-vghm-8cjp-hjw6/GHSA-vghm-8cjp-hjw6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vghm-8cjp-hjw6
Aliases
Published
2023-07-18T15:30:36Z
Modified
2024-03-01T14:55:50.995954Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
postgraas-server vulnerable to SQL injection
Details

A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py of the component PostgreSQL Backend Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability.

References

Affected packages

PyPI / postgraas-server

Package

Name
postgraas-server
View open source insights on deps.dev
Purl
pkg:pypi/postgraas-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0

Affected versions

0.*

0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
0.1.11

1.*

1.0.0b1
1.0.0b2
1.0.0b3

2.*

2.0.0b1
2.0.0b2