AIKIDO-2025-10493
github.com/uptrace/bun/driver/pgdriver is vulnerable to SQL Injection
65
Medium Risk
This Affects:
github.com/uptrace/bun/driver/pgdriverTL;DR
Affected versions of the package are vulnerable to SQL injection due to improper handling of negative numbers in the format function. When processing negative values, the vulnerable versions fail to prepend a space before the minus sign. As a result, the minus sign may be interpreted as part of a SQL comment sequence (e.g., --), potentially altering the structure or logic of the underlying SQL query. This flaw enables attackers to inject malicious SQL code, which can lead to unauthorized data access, data manipulation, or other unintended behavior within the database.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
github.com/uptrace/bun/driver/pgdriver is vulnerable to SQL Injection in versions 0.2.11 - 1.2.14.
How to fix this
Upgrade the github.com/uptrace/bun/driver/pgdriver library to the patch version.
Links
CVE Detail
GitHub Release
Other
github.com/uptrace/bun/blob/1573ae7c2fffad1a7f72fd2d205e924b2fd4043b/driver/pgdriver/format.go#L62github.com/uptrace/bun/tree/master/driver/pgdriver
media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdfsonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant