AIKIDO-2026-10279
github.com/getsynq/dwhsupport is vulnerable to Improper Input Validation
42
Medium Risk
This Affects:
github.com/getsynq/dwhsupportTL;DR
Affected versions of this package fail to properly handle invalid UTF-8 sequences returned by external warehouses (e.g., Redshift), causing protojson.Marshal to error when google.protobuf.Value.string_value receives corrupted input. Because metadata helpers (StringValue, StringPtrValue, TrimmedStringPtrValue, StringListValue) did not sanitize malformed bytes, a truncated sequence (e.g., \xa0 without leading \xc2) can trigger job failures and processing deadlocks. An attacker controlling upstream data or error messages could intentionally inject malformed UTF-8 to induce repeated serialization failures, resulting in denial-of-service conditions or pipeline disruption.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
github.com/getsynq/dwhsupport is vulnerable to Improper Input Validation in versions 0.1.0 - 0.9.0.
How to fix this
Upgrade the github.com/getsynq/dwhsupport library to a patch version.
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant