postgraas-server vulnerable to SQL injection
Critical severity
GitHub Reviewed
Published Jul 18, 2023 to the GitHub Advisory Database • Updated Mar 1, 2024

Published by the National Vulnerability Database: Jul 18, 2023
Reviewed: Jul 18, 2023

Description

A vulnerability classified as critical was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py of the component PostgreSQL Backend Handler. The manipulation leads to SQL injection. Upgrading to version 2.0.0 addresses this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability.
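
The advisory does not show the affected code. As an added example (not postgraas_server's code and not taken from the patch), the sketch below assumes the usual form of this bug class in database-provisioning code: request values formatted into CREATE DATABASE DDL, where bind parameters cannot stand in for identifiers. The function names, the allow-list and the sample input are hypothetical.

```python
import re

# Conservative allow-list for names taken from an API request (an assumption of
# this example): letter or underscore first, at most 63 characters, matching
# PostgreSQL's default identifier length limit.
_NAME_RE = re.compile(r"[a-z_][a-z0-9_]{0,62}")


def quote_ident(name: str) -> str:
    """Quote a PostgreSQL identifier: wrap it in double quotes and double any
    embedded double quote, so the value cannot close the identifier early."""
    if not name or "\x00" in name:
        raise ValueError("empty identifier or NUL byte")
    return '"' + name.replace('"', '""') + '"'


def create_db_unsafe(db_name: str, owner: str) -> str:
    """Vulnerable pattern: request values formatted straight into DDL."""
    return "CREATE DATABASE {} OWNER {};".format(db_name, owner)


def create_db_safe(db_name: str, owner: str) -> str:
    """Hardened pattern: allow-list first, then quote as defence in depth."""
    for value in (db_name, owner):
        if not _NAME_RE.fullmatch(value):
            raise ValueError("rejected identifier: %r" % value)
    return "CREATE DATABASE {} OWNER {};".format(
        quote_ident(db_name), quote_ident(owner)
    )


# Constructed sample input: a "database name" that carries a second statement.
HOSTILE = "tenant; SELECT 1 --"

if __name__ == "__main__":
    # The value ends the CREATE DATABASE statement and starts another one.
    print(create_db_unsafe(HOSTILE, "app"))
    # Quoted, the same value is a single (odd-looking) identifier.
    print(quote_ident(HOSTILE))
    # A well-formed request produces quoted DDL.
    print(create_db_safe("tenant_db", "app"))
    try:
        create_db_safe(HOSTILE, "app")
    except ValueError as exc:
        print("blocked:", exc)
```

With psycopg2, psycopg2.sql.Identifier composes identifiers using the same quoting rule, so hand-built quoting is not needed there.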