Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

SQL Injection vulnerability in SECURITY DEFINER function pgsodium.mask_role #116

Open
svenklemm opened this issue Oct 1, 2024 · 0 comments
Open

SQL Injection vulnerability in SECURITY DEFINER function pgsodium.mask_role #116

svenklemm opened this issue Oct 1, 2024 · 0 comments

Comments

@svenklemm
Copy link

pgsodium.mask_role does not properly quote the view_name argument before using it in a generated sql query. This is especially critical since mask_role is a security definer function.

There might be similar missing quoting in other non-security definer functions.

Fixed by #115
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@svenklemm