VDB
RHSA-2024%3A7944
RHSA-2024%3A7944
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in pgx. SQL injection can occur when all of the following conditions are met in versions before 4.18.2 of pgx. - The non-default simple protocol is used - A placeholder for a numeric value must be immediately preceded by a minus - There must be a second placeholder for a string value after the first placeholder - Both must be on the same line - Both parameter values must be user-controlled
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/network-tools-rhel9@sha256:234fdf2af2729408d3b287b7576dd1a29f61ad7b21b303d476b1ab3367e0c886_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/network-tools-rhel9@sha256:234fdf2af2729408d3b287b7576dd1a29f61ad7b21b303d476b1ab3367e0c886_arm64, * |
| Red Hat | openshift4/ose-agent-installer-csr-approver-rhel9@sha256:94617e923e3e16a9fd5311f171acf2094f02f245cf261f361ed490c1126e03c6_s390x as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-agent-installer-csr-approver-rhel9@sha256:94617e923e3e16a9fd5311f171acf2094f02f245cf261f361ed490c1126e03c6_s390x, * |
| Red Hat | openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:d9845dbef8b832fe414c07ac9f9f06ca4fb41c5d13d0fa21e4276dac83950187_s390x as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:d9845dbef8b832fe414c07ac9f9f06ca4fb41c5d13d0fa21e4276dac83950187_s390x, * |
| Red Hat | openshift4/ose-installer-altinfra-rhel9@sha256:2ddcb630e3260c6c71f6f33da36695800e2429d69a9f836aa87b5ecc6b0b2be4_amd64 as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-installer-altinfra-rhel9@sha256:2ddcb630e3260c6c71f6f33da36695800e2429d69a9f836aa87b5ecc6b0b2be4_amd64, openshift4/ose-installer-altinfra-rhel9@sha256:2ddcb630e3260c6c71f6f33da36695800e2429d69a9f836aa87b5ecc6b0b2be4_amd64 |
| Red Hat | openshift4/ose-cli-artifacts-rhel9@sha256:a736f825bea3f9e5b38257fac1c38f89ec529fe144d93ca6096b5201819c2f7d_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-cli-artifacts-rhel9@sha256:a736f825bea3f9e5b38257fac1c38f89ec529fe144d93ca6096b5201819c2f7d_arm64, openshift4/ose-cli-artifacts-rhel9@sha256:a736f825bea3f9e5b38257fac1c38f89ec529fe144d93ca6096b5201819c2f7d_arm64 |
| Red Hat | openshift4/ose-tests-rhel9@sha256:a0ed744531376c9c2f3f9b10ec9fd3988a8835c1c8bfe511166824cb27ca7873_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-tests-rhel9@sha256:a0ed744531376c9c2f3f9b10ec9fd3988a8835c1c8bfe511166824cb27ca7873_arm64, * |
| Red Hat | openshift4/ose-agent-installer-api-server-rhel9@sha256:bbff31aac52260f50f4163a281e0fb5b104bb98d6fabdfd0e1dc727955ef6c0d_s390x as a component of Red Hat OpenShift Container Platform 4.16 | *, * |
| Red Hat | openshift4/ose-installer-altinfra-rhel9@sha256:ea7b2e4c0d7aa39ad4838dd583e4c84526bfbfa27a9581182f6be25e2bbe056b_s390x as a component of Red Hat OpenShift Container Platform 4.16 | *, * |
| Red Hat | openshift4/ose-cluster-image-registry-rhel9-operator@sha256:0607e93f88f63e32492d30e93662e0a400a0298c8fde4b5e9def8cce32677701_ppc64le as a component of Red Hat OpenShift Container Platform 4.16 | *, openshift4/ose-cluster-image-registry-rhel9-operator@sha256:0607e93f88f63e32492d30e93662e0a400a0298c8fde4b5e9def8cce32677701_ppc64le |
| Red Hat | openshift4/ose-agent-installer-node-agent-rhel9@sha256:b52459d42ced02f37c15f9ec9c167c515ed4c50866baa6833a6d43154753b4ff_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-agent-installer-node-agent-rhel9@sha256:b52459d42ced02f37c15f9ec9c167c515ed4c50866baa6833a6d43154753b4ff_arm64, openshift4/ose-agent-installer-node-agent-rhel9@sha256:b52459d42ced02f37c15f9ec9c167c515ed4c50866baa6833a6d43154753b4ff_arm64 |
| Red Hat | openshift4/ose-monitoring-plugin-rhel9@sha256:a36177adc6f6bbc4e78c5cd9110525f089a5115fe134b8ce2ad2cf4f9df10ba4_s390x as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-monitoring-plugin-rhel9@sha256:a36177adc6f6bbc4e78c5cd9110525f089a5115fe134b8ce2ad2cf4f9df10ba4_s390x, * |
| Red Hat | openshift4/ose-console-rhel9@sha256:b242f16b2afb99bddc05675a1fea77bd1d040ebf21b98239e89026901a34eeda_s390x as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-console-rhel9@sha256:b242f16b2afb99bddc05675a1fea77bd1d040ebf21b98239e89026901a34eeda_s390x, * |
| Red Hat | openshift4/ose-cluster-etcd-rhel9-operator@sha256:0fe828058535e812beb292ea1a28a53a3e7438673af996953650b37dff11e57f_ppc64le as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-cluster-etcd-rhel9-operator@sha256:0fe828058535e812beb292ea1a28a53a3e7438673af996953650b37dff11e57f_ppc64le, openshift4/ose-cluster-etcd-rhel9-operator@sha256:0fe828058535e812beb292ea1a28a53a3e7438673af996953650b37dff11e57f_ppc64le |
| Red Hat | openshift4/ose-cli-artifacts-rhel9@sha256:92c70d2a6a8aa4b10a287f8b985bd5b5242f2cad61d2ea077cc8f6bacb0f1dd9_ppc64le as a component of Red Hat OpenShift Container Platform 4.16 | *, openshift4/ose-cli-artifacts-rhel9@sha256:92c70d2a6a8aa4b10a287f8b985bd5b5242f2cad61d2ea077cc8f6bacb0f1dd9_ppc64le |
| Red Hat | openshift4/ose-cluster-network-rhel9-operator@sha256:d11b4b2d9d738e81a371ed31a1861851d17cc22e64df21a27c9f59a76873e2cf_s390x as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-cluster-network-rhel9-operator@sha256:d11b4b2d9d738e81a371ed31a1861851d17cc22e64df21a27c9f59a76873e2cf_s390x, openshift4/ose-cluster-network-rhel9-operator@sha256:d11b4b2d9d738e81a371ed31a1861851d17cc22e64df21a27c9f59a76873e2cf_s390x |
| Red Hat | openshift4/ose-networking-console-plugin-rhel9@sha256:0bc5f8c91bf41b22b62e9c6c6714b134662bedbcc89dc07ba191629ae228fcf2_amd64 as a component of Red Hat OpenShift Container Platform 4.16 | *, openshift4/ose-networking-console-plugin-rhel9@sha256:0bc5f8c91bf41b22b62e9c6c6714b134662bedbcc89dc07ba191629ae228fcf2_amd64 |
| Red Hat | openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:00b26a9b221c393319aa4bb073d40ef6d9f730ce5c1c8931931cb4946b1258c5_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | *, openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:00b26a9b221c393319aa4bb073d40ef6d9f730ce5c1c8931931cb4946b1258c5_arm64 |
| Red Hat | openshift4/ose-cluster-image-registry-rhel9-operator@sha256:e958774e0055140276d9e91e556ec3792c3d0c1a0fbbb751e2292c1ea8b3b8db_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/ose-cluster-image-registry-rhel9-operator@sha256:e958774e0055140276d9e91e556ec3792c3d0c1a0fbbb751e2292c1ea8b3b8db_arm64, openshift4/ose-cluster-image-registry-rhel9-operator@sha256:e958774e0055140276d9e91e556ec3792c3d0c1a0fbbb751e2292c1ea8b3b8db_arm64 |
| Red Hat | rhcos@sha256:a675344dc33894b6dd7d83b7efaf5ee2076f4133842ad4b4cd3f29213dcc0347_x86_64 as a component of Red Hat OpenShift Container Platform 4.16 | *, rhcos@sha256:a675344dc33894b6dd7d83b7efaf5ee2076f4133842ad4b4cd3f29213dcc0347_x86_64 |
| Red Hat | openshift4/driver-toolkit-rhel9@sha256:7bbdce5721440f492dae5ce2b6aaa1861be4d2669efb47440aa19825933c179e_arm64 as a component of Red Hat OpenShift Container Platform 4.16 | openshift4/driver-toolkit-rhel9@sha256:7bbdce5721440f492dae5ce2b6aaa1861be4d2669efb47440aa19825933c179e_arm64, openshift4/driver-toolkit-rhel9@sha256:7bbdce5721440f492dae5ce2b6aaa1861be4d2669efb47440aa19825933c179e_arm64 |
…and 112 more
Timeline
- Oct 16, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 26, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:7944 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268465 issue
- https://issues.redhat.com/browse/OCPBUGS-33673 advisory
- https://issues.redhat.com/browse/OCPBUGS-37615 advisory
- https://issues.redhat.com/browse/OCPBUGS-38458 advisory
- https://issues.redhat.com/browse/OCPBUGS-39017 advisory
- https://issues.redhat.com/browse/OCPBUGS-39379 advisory
- https://issues.redhat.com/browse/OCPBUGS-41256 advisory
- https://issues.redhat.com/browse/OCPBUGS-41293 advisory
- https://issues.redhat.com/browse/OCPBUGS-41334 advisory
- https://issues.redhat.com/browse/OCPBUGS-41551 advisory
- https://issues.redhat.com/browse/OCPBUGS-42342 advisory
- https://issues.redhat.com/browse/OCPBUGS-42431 advisory
- https://issues.redhat.com/browse/OCPBUGS-42720 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7944.json advisory
- https://access.redhat.com/security/cve/CVE-2024-27289 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-27289 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-27289 advisory
- https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df advisory
…and 2 more