CVE-2018-25088

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-25088
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25088.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-25088
Published
2023-07-18T13:15:11Z
Modified
2024-10-12T03:32:47.558998Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability classified as critical was found in Blue Yonder postgraas_server up to 2.0.0b2. It affects the function _createpgconnection/createpostgresdb of the file postgraasserver/backends/postgrescluster/postgrescluster_driver.py in the PostgreSQL Backend Handler component. Manipulation of its input leads to SQL injection. Upgrading to version 2.0.0 addresses this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability.

Affected packages

Git / github.com/blue-yonder/postgraas_server

Affected ranges

Type
GIT
Repo
https://github.com/blue-yonder/postgraas_server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.0.1
v0.1.0
v0.1.10
v0.1.11
v0.1.3
v0.1.4
v0.1.5
v0.1.7
v0.1.8
v0.1.9

v1.*

v1.0.0b1
v1.0.0b2
v1.0.0b3
v1.0.0b34

v2.*

v2.0.0b1
v2.0.0b2