Version v5.7.1

pgx

PostgreSQL driver and toolkit for Go

Install Instructions

go get github.com/jackc/pgx
Current Version Release Date: Sep 10, 2024
Language: Go
Package URL (purl): pkg:github/jackc/pgx@5.7.1


pgx Vulnerabilities

| CVE | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
|---|---|---|---|---|---|
| CVE-2024-27304 | High 9.8 | CWE-190, CWE-89 | 0.00044 | 0.11741 | |

pgx Vulnerability Remediation Guidance

| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2024-27304 | pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size. | | Patch → 5.5.4 |
