CVE-2023-22626 – pghero
Package
Manager: gem
Name: pghero
Vulnerable Version: >=0 <3.1.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00214 (percentile: 0.43933)
Details
PgHero Allows Information Disclosure Through EXPLAIN Feature
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)
Metadata
Created: 2023-01-05T09:30:28Z
Modified: 2023-01-11T20:54:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-vf99-xw26-86g5/GHSA-vf99-xw26-86g5.json
CWE IDs: ["CWE-209"]
Alternative ID: GHSA-vf99-xw26-86g5
Finding: F037
Auto approve: 1