Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.
References
Configurations
History
05 Mar 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected. |
15 Feb 2024, 16:00
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Postgresql postgresql
Postgresql |
|
Summary |
|
|
CPE | cpe:2.3:a:postgresql:postgresql:15.1:*:*:*:*:*:*:* | |
References | () https://app.flows.sh:8443/project/default%2C - Broken Link | |
References | () https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213 - Third Party Advisory | |
References | () https://postfixadmin.ballardini.com.ar:8443/project/default/logs/explorer. - Broken Link | |
References | () https://reference1.example.com/project/default/logs/explorer%2C - Broken Link |
08 Feb 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-08 18:15
Updated : 2024-04-11 01:24
NVD link : CVE-2024-24213
Mitre link : CVE-2024-24213
CVE.ORG link : CVE-2024-24213
JSON object : View
Products Affected
postgresql
- postgresql
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')