CNNVD-202510-3506 Information

CNNVD ID

CNNVD-202510-3506

Related CVE

CVE-2025-61385

• CNNVD Published: 2025-10-27

Description (Chinese)

pg8000是tlocke个人开发者的一个PostgreSQL数据库驱动程序。 pg8000 1.31.4版本存在安全漏洞，该漏洞源于未正确处理Python列表输入，可能导致SQL注入攻击。

Description (English)

pg8000 is a PostgreSQL driver for tlocke personal developers. Version 1.31.4 of pg8000 has a security loophole, which stems from incorrect processing of Python list entries, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-10-27

Last Modified

2026-02-24

References

https://codeberg.org/tlocke/pg8000/commit/8663c746b02286c32f19c385f0e2e5da9e4fa140 https://github.com/bmcyver/vulnerability-research/tree/main/CVE-2025-61385

Patch

https://pypi.org/project/pg8000/