PYSEC-2026-460

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/postgraas-server/PYSEC-2026-460.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-460
Aliases
Published
2026-06-29T11:50:43.829442Z
Modified
2026-06-29T12:15:33.625247938Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
postgraas-server vulnerable to SQL injection
Details

A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py of the component PostgreSQL Backend Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability.

References

Affected packages

PyPI / postgraas-server

Package

Name
postgraas-server
View open source insights on deps.dev
Purl
pkg:pypi/postgraas-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0

Affected versions

0.*
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
0.1.11
1.*
1.0.0b1
1.0.0b2
1.0.0b3
2.*
2.0.0b1
2.0.0b2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/postgraas-server/PYSEC-2026-460.yaml"