Fix sql injection vulnerability in pgsodium.mask_role #115

svenklemm · 2024-10-01T04:40:01Z

pgsodium.mask_role does not properly quote the view_name argument before using it in a generated sql query. This is especially critical since mask_role is a security definer function.

Fix sql injection vulnerability in pgsodium.mask_role

02b2e6e

pgsodium.mask_role does not properly quote the view_name argument before using it in a generated sql query. This is especially critical since mask_role is a security definer function.

svenklemm mentioned this pull request Oct 1, 2024

SQL Injection vulnerability in SECURITY DEFINER function pgsodium.mask_role #116

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix sql injection vulnerability in pgsodium.mask_role #115

Fix sql injection vulnerability in pgsodium.mask_role #115

svenklemm commented Oct 1, 2024

Fix sql injection vulnerability in pgsodium.mask_role #115

Are you sure you want to change the base?

Fix sql injection vulnerability in pgsodium.mask_role #115

Conversation

svenklemm commented Oct 1, 2024