Uninitialized Memory Exposure Affecting asyncpg package, versions [,0.21.0)
Snyk CVSS
Attack Complexity: High
Threat Intelligence
EPSS: 0.32% (71st percentile)
- Snyk ID SNYK-PYTHON-ASYNCPG-597672
- published 10 Aug 2020
- disclosed 10 Aug 2020
- credit Elvis Pranskevichus
Introduced: 10 Aug 2020
CVE-2020-17446
How to fix?
Upgrade asyncpg to version 0.21.0 or higher.
Overview
asyncpg is an asyncio PostgreSQL driver.
Affected versions of this package are vulnerable to Uninitialized Memory Exposure. When receiving multi-dimensional array data from the server, there was no dimensions validation.
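As an added illustration (not code from asyncpg or from this advisory), the sketch below shows the kind of dimension validation a client-side decoder can apply to a binary-format PostgreSQL array header before trusting it. The wire layout and the 6-dimension limit are PostgreSQL's; `parse_array_header`, `ArrayHeaderError`, `build_sample` and the sample messages are constructed for this example.

```python
import struct

MAXDIM = 6  # PostgreSQL's limit on array dimensions (MAXDIM)
HEADER = struct.Struct("!iiI")  # ndim, has-null flag, element type OID
DIM = struct.Struct("!ii")      # dimension length, lower bound


class ArrayHeaderError(ValueError):
    """Raised when a server-supplied array header fails validation."""


def parse_array_header(buf: bytes):
    """Return (elem_oid, dims, offset of first element) or raise."""
    if len(buf) < HEADER.size:
        raise ArrayHeaderError("truncated array header")
    ndim, _flags, elem_oid = HEADER.unpack_from(buf, 0)
    if not 0 <= ndim <= MAXDIM:
        raise ArrayHeaderError(f"invalid number of dimensions: {ndim}")
    offset = HEADER.size + DIM.size * ndim
    if len(buf) < offset:
        raise ArrayHeaderError("truncated dimension list")
    dims, count = [], 1 if ndim else 0
    for i in range(ndim):
        length, _lbound = DIM.unpack_from(buf, HEADER.size + DIM.size * i)
        if length < 0:
            raise ArrayHeaderError(f"negative length in dimension {i}")
        dims.append(length)
        count *= length
    # Each element has at least a 4-byte length prefix, so the claimed
    # element count can never exceed what the message body can hold.
    if count * 4 > len(buf) - offset:
        raise ArrayHeaderError("element count exceeds message size")
    return elem_oid, dims, offset


def build_sample(ndim, dims, values, elem_oid=23):
    """Constructed test message: int4 elements, lower bound 1."""
    out = HEADER.pack(ndim, 0, elem_oid)
    out += b"".join(DIM.pack(d, 1) for d in dims)
    out += b"".join(struct.pack("!ii", 4, v) for v in values)
    return out
```

The point of rejecting the header up front is that every later step (allocating the index array, walking elements) can then rely on `ndim` and each dimension length being in range.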