FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

puppetdb -- Potential SQL injection

Affected packages
puppetdb6 < 6.22.1
puppetdb7 < 7.11.1


VuXML ID aeb4c85b-3600-11ed-b52d-589cfc007716
Discovery 2022-08-03
Entry 2022-09-16

Puppet reports:

The org.postgresql/postgresql driver has been updated to version 42.4.1 to address CVE-2022-31197, which is an SQL injection risk that according to the CVE report, can only be exploited if an attacker controls the database to the extent that they can adjust relevant tables to have "malicious" column names.


CVE Name CVE-2022-31197