dpsutton authored
addresses https://nvd.nist.gov/vuln/detail/CVE-2022-31197

https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md

> fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to
> escape column identifiers so as to prevent SQL injection.
>
> Previously, the column names for both key and data columns in the
> table were copied as-is into the generated SQL. This allowed a
> malicious table with column names that include statement terminator
> to be parsed and executed as multiple separate commands.
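
The changelog entry quoted above describes column names being copied as-is into generated SQL and the fix of escaping them as identifiers. The following is an added illustration of that difference, not code from this commit or from pgjdbc; the class, the method names and the sample column names are hypothetical and constructed for the example.

```java
import java.util.List;
import java.util.stream.Collectors;

public class RefreshQueryDemo {
    // Hypothetical helper (not pgjdbc's own code): quote a PostgreSQL
    // identifier by wrapping it in double quotes and doubling any embedded
    // double quote, so the whole name is parsed as a single identifier.
    static String quoteIdentifier(String name) {
        if (name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid identifier");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    // "Before" shape: column names are concatenated as-is, so a statement
    // terminator inside a name ends the SELECT early.
    static String buildUnescaped(String table, List<String> dataCols, String keyCol) {
        return "SELECT " + String.join(", ", dataCols)
            + " FROM " + table + " WHERE " + keyCol + " = ?";
    }

    // "After" shape: every identifier goes through quoteIdentifier().
    // Assumes a simple, unqualified table name.
    static String buildEscaped(String table, List<String> dataCols, String keyCol) {
        String cols = dataCols.stream()
            .map(RefreshQueryDemo::quoteIdentifier)
            .collect(Collectors.joining(", "));
        return "SELECT " + cols + " FROM " + quoteIdentifier(table)
            + " WHERE " + quoteIdentifier(keyCol) + " = ?";
    }

    public static void main(String[] args) {
        // Constructed sample: one ordinary column, one whose name contains a
        // statement terminator, one whose name contains a double quote.
        List<String> cols = List.of("id", "note; SELECT 1 --", "a\"b");

        // The second name splits the text into two statements:
        System.out.println(buildUnescaped("t", cols, "id"));

        // Each name stays a single quoted identifier; a"b becomes "a""b":
        System.out.println(buildEscaped("t", cols, "id"));
    }
}
```

The key value is still bound through the `?` placeholder in both versions; bind parameters cannot carry identifiers, which is why column names need quoting instead.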