CVE-2025-58450
CVE-2025-58450
9.3
CriticalPublished:
Last updated:
Source:security-advisories@github.com
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a patch to mitigate such attempts.
References
security-advisories@github.com
https://github.com/prest/prest/commit/47d02b87842900f77d76fc694d9aa7e983b0711csecurity-advisories@github.com
https://github.com/prest/prest/security/advisories/GHSA-p46v-f2x8-qp98134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/prest/prest/security/advisories/GHSA-p46v-f2x8-qp98