CVE
GHSA-8wj8-cfxr-9374
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Description of Vulnerability:
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.
AWS recommends that customers upgrade to the following version: AWS NodeJS Wrapper to v2.0.1.
Source of Vulnerability Report:
Allistair Ishmael Hakim allistair.hakim@gmail.com
Affected products & versions:
AWS NodeJS Wrapper < 2.0.1.
Platforms:
MacOS/Windows/Linux
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
-
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
C
H
U
-
Related Resources
No items found.
References
https://github.com/aws/aws-advanced-nodejs-wrapper/security/advisories/GHSA-8wj8-cfxr-9374, https://github.com/aws/aws-advanced-nodejs-wrapper/pull/574, https://github.com/aws/aws-advanced-nodejs-wrapper, https://github.com/aws/aws-advanced-nodejs-wrapper/releases/tag/2.0.1
Basic Information
Ecosystem
