CVE-2017-16082
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.
| Software | From | Fixed in |
|---|---|---|
| node-postgres / pg | 2.0.0 | 2.11.2 |
| node-postgres / pg | 3.0.0 | 3.6.4 |
| node-postgres / pg | 4.0.0 | 4.5.7 |
| node-postgres / pg | 5.0.0.x | 5.2.1 |
| node-postgres / pg | 6.0.0 | 6.4.2 |
| node-postgres / pg | 7.0.0 | 7.1.2 |
pg
|
- | 2.11.2 |
|
pg
|
3.0.0 | 3.6.4 |
|
pg
|
4.0.0 | 4.5.7 |
|
pg
|
5.0.0 | 5.2.1 |
|
pg
|
6.0.0 | 6.0.5 |
|
pg
|
6.1.0 | 6.1.6 |
|
pg
|
6.2.0 | 6.2.5 |
|
pg
|
6.3.0 | 6.3.3 |
|
pg
|
6.4.0 | 6.4.2 |
|
pg
|
7.0.0 | 7.0.2 |
|
pg
|
7.1.0 | 7.1.2 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime