CVE-2009-2940

PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection in pypi/PyGreSQL

Identifiers

GHSA-xv6x-43gq-4hfj, CVE-2009-2940

Package Slug

pypi/PyGreSQL

Vulnerability

PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection

Description

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Affected Versions

All versions up to 3.8.1, version 4.0

Solution

Upgrade to version 4.1 or above.

Last Modified

2024-02-09

source