CVE-2025-29744 Information
Jun 13, 2025
cve
Description
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.
Reference
https://github.com/vitaly-t/pg-promise/discussions/911 https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/
Related CNNVD
CNNVD-202506-1687 (Published: 2025-06-12)
Share on: