x/vulndb: potential Go vuln in github.com/rudderlabs/rudder-server: CVE-2023-30625 #1863
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2023-30625 references github.com/rudderlabs/rudder-server, which may be a Go module.
Description:
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the
rudder
role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.References:
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: