Download
| Alert*
|
oval:org.secpod.oval:def:700387
Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL"s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL"s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because ... oval:org.mitre.oval:def:8161 It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The new fu ... oval:org.secpod.oval:def:600285 It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn. This is needed, because PQescapeStringConn honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The new functi ... |
