AIKIDO-2025-10493
github.com/uptrace/bun/driver/pgdriver is vulnerable to SQL Injection
65
Medium Risk
This Affects:
github.com/uptrace/bun/driver/pgdriverTL;DR
Affected versions of the package are vulnerable to SQL injection due to improper handling of negative numbers in the format function. When processing negative values, the vulnerable versions fail to prepend a space before the minus sign. As a result, the minus sign may be interpreted as part of a SQL comment sequence (e.g., --), potentially altering the structure or logic of the underlying SQL query. This flaw enables attackers to inject malicious SQL code, which can lead to unauthorized data access, data manipulation, or other unintended behavior within the database.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
github.com/uptrace/bun/driver/pgdriver is vulnerable to SQL Injection in versions 0.2.11 - 1.2.14.
How to fix this
Upgrade the github.com/uptrace/bun/driver/pgdriver library to the patch version.
Links
CVE Detail
GitHub Release
Other
github.com/uptrace/bun/blob/1573ae7c2fffad1a7f72fd2d205e924b2fd4043b/driver/pgdriver/format.go#L62github.com/uptrace/bun/tree/master/driver/pgdriver
media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdfsonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/
Get Secure Now
Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.
No credit card required | Scan results in 32secs.
SOC 2Compliant
ISO 27001Compliant