FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

puppetdb -- Potential SQL injection

Affected packages
puppetdb6 < 6.22.1
puppetdb7 < 7.11.1

Details

VuXML ID aeb4c85b-3600-11ed-b52d-589cfc007716
Discovery 2022-08-03
Entry 2022-09-16

Puppet reports:

The org.postgresql/postgresql driver has been updated to version 42.4.1 to address CVE-2022-31197, which is an SQL injection risk that, according to the CVE report, can only be exploited if an attacker controls the database to the extent that they can adjust relevant tables to have "malicious" column names.

References

CVE Name CVE-2022-31197
URL https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
URL https://nvd.nist.gov/vuln/detail/CVE-2022-31197