CVE-2024-27289

SQL injection in github.com/jackc/pgx/v4

Description

SQL injection is possible when the database uses the non-default simple protocol, a minus sign directly precedes a numeric placeholder followed by a string placeholder on the same line, and both parameter values are user-controlled.

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Score: 8.1
Severity: High
Ecosystem: GO
Publish Date: March 11, 2024
Modified Date: February 3, 2026
Score Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions