CVE-2009-2940
pygresql - missing escape function
EPSS 0.58%
Description
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. PQescapeStringConn is the libpq escaping routine that takes the connection handle, so it escapes according to that connection's client encoding and standard_conforming_strings setting; the older PQescapeString has no connection and cannot. An escape routine that works byte by byte, without knowing the encoding, can insert its escape byte or leave a quote in the middle of a multibyte character. In encodings such as Shift_JIS, GBK or Big5, where ASCII bytes like 0x5C can be the trailing byte of a character, a lone attacker-supplied lead byte swallows the byte that follows it, so a quote the application believed it had escaped ends the string literal early and the rest of the input is parsed as SQL. The attack surface is any query pygresql builds from attacker-controlled text using that non-connection-aware escaping.
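The following is an added illustration of that escaping pattern, not code from PyGreSQL or libpq. It models three escapers in pure Python (a byte-oriented one that backslash-escapes quotes, a byte-oriented one that doubles them, and a connection-aware one that walks the input by character the way PQescapeStringConn does) against a toy lexer that reads the statement as Shift_JIS with backslash escapes enabled, plus a server-side encoding check in the spirit of PostgreSQL's byte-sequence validation. The attacker payload, the Shift_JIS lead and trailing byte ranges, and the toy lexer are all constructed here for the demonstration.

```python
# Added illustration for CVE-2009-2940 (not PyGreSQL or libpq code): why escaping that
# does not know the connection's client encoding can be bypassed, and what the
# connection-aware PQescapeStringConn approach changes. Shift_JIS is used because its
# trailing bytes may legally be 0x5C (backslash), so a lone lead byte can swallow one.

PAYLOAD = b"\x95' OR 1=1 --"   # constructed attacker input: lone SJIS lead byte, then a quote

def sjis_mblen(lead: int) -> int:
    """Bytes in a Shift_JIS character: lead bytes 0x81-0x9F and 0xE0-0xFC start a 2-byte char."""
    return 2 if 0x81 <= lead <= 0x9F or 0xE0 <= lead <= 0xFC else 1

def sjis_valid(data: bytes) -> bool:
    """Server-side check in the spirit of PostgreSQL's encoding verification:
    each lead byte must be followed by a legal trailing byte (0x40-0x7E or 0x80-0xFC)."""
    i = 0
    while i < len(data):
        if sjis_mblen(data[i]) == 2:
            t = data[i + 1] if i + 1 < len(data) else -1
            if not (0x40 <= t <= 0x7E or 0x80 <= t <= 0xFC):
                return False
            i += 2
        else:
            i += 1
    return True

def escape_bytewise(data: bytes, backslash: bool) -> bytes:
    """Byte-by-byte escaping with no knowledge of the encoding.
    backslash=True: ' -> \\' (old PQescapeString style); False: ' -> '' (doubling only)."""
    out = bytearray()
    for b in data:
        if b == 0x27:
            out += b"\\'" if backslash else b"''"
        elif b == 0x5C:
            out += b"\\\\"
        else:
            out.append(b)
    return bytes(out)

def escape_encoding_aware(data: bytes, mblen=sjis_mblen) -> bytes:
    """Modelled on PQescapeStringConn: walk one *character* at a time using the client
    encoding's length rule, copy multibyte chars whole, escape only at char boundaries."""
    out, i = bytearray(), 0
    while i < len(data):
        n = mblen(data[i])
        if n > 1:
            if i + n > len(data):
                raise ValueError("incomplete multibyte character")
            out += data[i:i + n]          # never split, never escape inside it
        elif data[i] == 0x27:
            out += b"''"
        elif data[i] == 0x5C:
            out += b"\\\\"
        else:
            out.append(data[i])
        i += n
    return bytes(out)

def sql_outside_literals(query: bytes, mblen=sjis_mblen) -> bytes:
    """Toy SQL lexer that reads the statement as Shift_JIS with backslash escapes
    (standard_conforming_strings=off, the default of that era); returns the bytes
    that end up outside single-quoted string literals, i.e. executed as SQL."""
    out, i, inside = bytearray(), 0, False
    while i < len(query):
        n = mblen(query[i])
        if n > 1:                          # multibyte char: never a delimiter
            if not inside:
                out += query[i:i + n]
            i += n
            continue
        b = query[i]
        if inside:
            if b == 0x5C:                  # \x : skip the escaped byte
                i += 2
                continue
            if b == 0x27 and query[i + 1:i + 2] == b"'":   # '' : a literal quote
                i += 2
                continue
            inside = b != 0x27
        elif b == 0x27:
            inside = True
        else:
            out.append(b)
        i += 1
    return bytes(out)

def injected(escaped: bytes) -> bool:
    """True if the attacker's text escaped the literal and became statement text."""
    query = b"SELECT * FROM users WHERE name = '" + escaped + b"'"
    return b"OR 1=1" in sql_outside_literals(query)

if __name__ == "__main__":
    for name, esc in [("backslash", escape_bytewise(PAYLOAD, True)),
                      ("doubling", escape_bytewise(PAYLOAD, False)),
                      ("encoding-aware", escape_encoding_aware(PAYLOAD))]:
        print(f"{name:15s} injected={injected(esc)} server_accepts={sjis_valid(esc)}")
```

With the backslash-escaping byte-oriented routine, the lead byte 0x95 absorbs the inserted backslash, the attacker's quote closes the literal, and the resulting statement is also a valid Shift_JIS byte sequence, so the server has no reason to reject it. Quote doubling alone does not help against a lenient lexer, because the lead byte swallows the first of the two quotes. The encoding-aware walk copies the lead byte together with the quote as one (malformed) character, so nothing leaves the literal, and the server-side validation rejects the malformed sequence anyway; that second check is the defence PostgreSQL's server added in 8.1.4, and the connection-aware escaping is the client-side half that pygresql was missing.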
How to fix CVE-2009-2940
To remediate CVE-2009-2940, upgrade the affected package to a fixed version below.
- Debian/pygresql: upgrade to 1:4.0-1 or later
- Debian/pygresql (etch): upgrade to 1:3.8.1-1etch2 or later
- PyPI/pygresql: no fixed version listed on this page (the affected ranges below stop at 4.0)
- (ecosystem not named on this page)/pygresql: no fix listed
Upgrading the package is only half of the fix. The defect is that pygresql escapes strings without the connection handle, so the escaping cannot follow the connection's client encoding, and application code that keeps calling a module-level escape function keeps that property. Check which function your application uses to quote untrusted text and whether the connection's client_encoding is a multibyte encoding in which an ASCII byte can be the trailing byte of a character (Shift_JIS, GBK, Big5 and similar). UTF-8 is not exposed to this pattern, because no byte below 0x80 is ever part of a multibyte UTF-8 character. Where your driver version offers them, prefer escape methods that take the connection (wrappers around PQescapeStringConn and PQescapeByteaConn), or pass values as server-side query parameters so that no quoting happens in Python at all.
Is CVE-2009-2940 being exploited?
Low: EPSS scores this CVE at 0.58%, a low estimated probability of exploitation in the next 30 days. EPSS is a statistical estimate rather than a record of observed attacks, and it says nothing about whether your own application passes attacker-controlled text through pygresql's escaping with a multibyte client encoding; assess that directly.
Affected packages (4)
- Debian pygresql: from 0, < 1:4.0-1 (Debian versioning with epoch; every package release before the fixed 1:4.0-1)
- Debian pygresql (etch): from 0, < 1:3.8.1-1etch2
- pygresql (upstream version numbers): from 0, <= 3.8.1
- pygresql (upstream version numbers): >= 3.8.1, <= 4.0
The two upstream ranges overlap at 3.8.1 and together cover every release up to and including 4.0, matching the versions named in the description.