The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pygresql | Pygresql | 3.8.1 (including) | 3.8.1 (including) |
| Pygresql | Pygresql | 4.0 (including) | 4.0 (including) |
| Pygresql | Ubuntu | dapper | * |
| Pygresql | Ubuntu | hardy | * |
| Pygresql | Ubuntu | intrepid | * |
| Pygresql | Ubuntu | upstream | * |