Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Blue Yonder postgraas_server PostgreSQL Backend postgres_cluster_driver.py create_postgres_db sql injection
Vulnerability Description
A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py of the component PostgreSQL Backend Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Postgraas SQL注入漏洞
Vulnerability Description
Blue Yonder GmbH Postgraas是中国蓝色远方有限公司(Blue Yonder GmbH)公司的一个超级简单的 PostgreSQL 即服务。 Blue Yonder postgraas_server 2.0.0b2及之前版本存在SQL注入漏洞,该漏洞源于文件postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py的函数_create_pg_connection/create_postgres_db会导致
CVSS Information
N/A
Vulnerability Type
N/A