Candidate: CVE-2017-16082
PublicDate: 2018-06-07 02:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
 https://nodesecurity.io/advisories/521
Description:
 A remote code execution vulnerability was found within the pg module when
 the remote database or query specifies a specially crafted column name.
 There are 2 likely scenarios in which one would likely be vulnerable.
 1) Executing unsafe, user-supplied sql which contains a malicious column name.
 2) Connecting to an untrusted database and executing a query which returns
 results where any of the column names are malicious.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_node-postgres:
upstream_node-postgres: released (7.7.1-1)
precise/esm_node-postgres: DNE
trusty_node-postgres: ignored (out of standard support)
trusty/esm_node-postgres: DNE
xenial_node-postgres: ignored (end of standard support, was needs-triage)
bionic_node-postgres: DNE
focal_node-postgres: not-affected (7.14.0-1)
groovy_node-postgres: not-affected
hirsute_node-postgres: not-affected
impish_node-postgres: not-affected
jammy_node-postgres: not-affected
devel_node-postgres: not-affected