Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Untrusted search path in auth_query connection in PgBouncer
Vulnerability Description
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
不可信的搜索路径
Vulnerability Title
PgBouncer 安全漏洞
Vulnerability Description
PgBouncer是PgBouncer社区的一个 PostgreSql 的开源轻量级连接池。 PgBouncer 1.25.1之前版本存在安全漏洞,该漏洞源于auth_query连接处理程序中不受信任的搜索路径,可能导致未经授权的攻击者在身份验证期间执行任意SQL。
CVSS Information
N/A
Vulnerability Type
N/A