Lucene search
HackeroneCVELIST:CVE-2017-16082HistoryApr 26, 2018 - 12:00 a.m.
CVE-2017-16082
2018-04-2600:00:00
CWE-94
hackerone
www.cve.org
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.
CNA Affected
[
{
"product": "pg node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "< 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2017-16082
2018-06-07 00:00:00
prion
prion
Remote code execution
2018-06-07 02:29:00
cve
cve
CVE-2017-16082
2018-06-07 02:29:01
osv
osv
Remote Code Execution in pg
2018-07-24 19:44:42
veracode
veracode
Remote Code Execution (RCE)
2017-08-14 05:20:48
debiancve
debiancve
CVE-2017-16082
2018-06-07 02:29:01
nodejs
nodejs
Remote Code Execution
2017-08-13 04:26:17
nvd
nvd
CVE-2017-16082
2018-06-07 02:29:01
github
github
Remote Code Execution in pg
2018-07-24 19:44:42