| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/rudderlabs/rudder-server | go | < 1.3.0-rc.1 | 1.3.0-rc.1 |
The vulnerability stemmed from unsanitized user input (taskRunID/sourceOrDestId) being interpolated directly into SQL query strings via fmt.Sprintf. The patches (0d061ff, 2f956b7) explicitly replaced these string-built queries with parameterized queries and getSqlSafeTablename, confirming that the original functions were injectable. The GHSL-2022-097 advisory and the CVE description both identify these patterns as SQL injection vectors. Because the queries ran in a PostgreSQL superuser context, the impact was amplified from data access to remote code execution.
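The pattern described above, as an added Go example that is not rudder-server's own code: a fmt.Sprintf-built query beside its parameterized form. The table name `task_runs`, the column name and the `safeIdentifier` helper (standing in for getSqlSafeTablename) are assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// identPattern admits only plain SQL identifiers, so a table name can never
// smuggle quotes, spaces or operators into the statement text.
var identPattern = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// safeIdentifier is an assumed stand-in for getSqlSafeTablename, not the project's code.
func safeIdentifier(name string) (string, error) {
	if !identPattern.MatchString(name) {
		return "", errors.New("unsafe identifier: " + name)
	}
	return name, nil
}

// Query bundles SQL text with its bound arguments, as database/sql would receive them.
type Query struct {
	Text string
	Args []interface{}
}

// vulnerableLookup mirrors the pre-patch pattern: the caller-controlled taskRunID
// is spliced straight into the SQL text, so a quote in the value changes the query.
func vulnerableLookup(table, taskRunID string) Query {
	return Query{Text: fmt.Sprintf(`SELECT * FROM %s WHERE task_run_id = '%s'`, table, taskRunID)}
}

// hardenedLookup mirrors the post-patch pattern: the identifier is validated and the
// value travels as a $1 parameter that the driver sends separately from the SQL text.
func hardenedLookup(table, taskRunID string) (Query, error) {
	tbl, err := safeIdentifier(table)
	if err != nil {
		return Query{}, err
	}
	return Query{
		Text: fmt.Sprintf(`SELECT * FROM %s WHERE task_run_id = $1`, tbl),
		Args: []interface{}{taskRunID},
	}, nil
}

func main() {
	hostile := "run-1' OR '1'='1" // constructed input carrying a quote and a tautology
	v := vulnerableLookup("task_runs", hostile)
	fmt.Println(v.Text) // the quote closes the literal; the tautology becomes SQL
	h, _ := hardenedLookup("task_runs", hostile)
	fmt.Println(h.Text, h.Args) // statement text is fixed; the payload stays a bound string
}
```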