[Aikido] Fix critical issue in jackc/pgx/v5 via minor version upgrade from 5.9.1 to 5.9.2#19

Closed
aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-SECOPS-325-update-packages-38374237-r4qz

Conversation

@aikido-autofix (Contributor)

Upgrade pgx to fix critical SQL injection vulnerability in simple protocol when dollar-quoted strings contain attacker-controlled placeholders.

✅ 1 CVE resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

Issue          Severity     Description
CVE-2026-41889 🚨 CRITICAL  [github.com/jackc/pgx/v5] SQL injection vulnerability exists when using the non-default simple protocol with dollar-quoted string literals containing attacker-controllable placeholder-like text. This allows remote code execution through malicious SQL injection.

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff     Package                                  Supply Chain Security  Vulnerability  Quality  Maintenance  License
Updated  github.com/jackc/pgx/v5@v5.9.1 ⏵ v5.9.2  73 (+1)                100 (+1)       100      100          100

@oleg-render oleg-render requested review from aaijazi and metonym May 22, 2026 19:46
@SEANDOUGHTY SEANDOUGHTY deleted the fix/aikido-security-SECOPS-325-update-packages-38374237-r4qz branch May 25, 2026 17:33
render-oss-copybara-sync Bot pushed a commit that referenced this pull request May 25, 2026
Closes #19

Co-authored-by: aikido-autofix[bot] <119856028+aikido-autofix[bot]@users.noreply.github.com>
GitOrigin-RevId: 06ee67406d13f9bf51cbdfd0d78f2a4732e7adf5