—
PYSEC-2009-18
Details
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / pygresql
Introduced in:
3.8.1 No fixed version published yet for pygresql (pip). Pin to a known-safe version or switch to an alternative.
References
- http://ubuntu.com/usn/usn-870-1 [WEB]
- http://www.osvdb.org/59028 [WEB]
- http://secunia.com/advisories/37046 [ADVISORY]
- http://secunia.com/advisories/37654 [ADVISORY]
- http://www.debian.org/security/2009/dsa-1911 [ADVISORY]