File tree 1 file changed +23
-0
lines changed
1 file changed +23
-0
lines changed Original file line number Diff line number Diff line change 1+ # 4.18.2 (March 4, 2024)
2+
3+ Fix CVE-2024 -27289
4+
5+ SQL injection can occur when all of the following conditions are met:
6+
7+ 1 . The non-default simple protocol is used.
8+ 2 . A placeholder for a numeric value must be immediately preceded by a minus.
9+ 3 . There must be a second placeholder for a string value after the first placeholder; both must be on the same line.
10+ 4 . Both parameter values must be user-controlled.
11+
12+ Thanks to Paul Gerste for reporting this issue.
13+
14+ Fix CVE-2024 -27304
15+
16+ SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer
17+ overflow in the calculated message size can cause the one large message to be sent as multiple messages under the
18+ attacker's control.
19+
20+ Thanks to Paul Gerste for reporting this issue.
21+
22+ * Fix * dbTx.Exec not checking if it is already closed
23+
124# 4.18.1 (February 27, 2023)
225
326* Fix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)
You can’t perform that action at this time.
0 commit comments