| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| aws_advanced_python_wrapper | pip | < 1.4.0 | 1.4.0 |
The vulnerability exists because the AWS Advanced Python Wrapper for PostgreSQL constructs and executes SQL queries that call PostgreSQL functions and reference system tables without explicitly qualifying them with the pg_catalog schema. It is a privilege escalation issue: a low-privilege authenticated user can create a crafted function in a schema on the search path (e.g., public) with the same name as a function used in the wrapper's queries (e.g., aurora_db_instance_identifier, pg_is_in_recovery, VERSION). When the wrapper executes a query containing one of these function names, PostgreSQL's default behavior is to resolve the function through the user's search_path. If the user's schema comes before pg_catalog, the malicious function is executed with the privileges of the application's database user, which could be a superuser such as rds_superuser. The patch addresses this by adding the pg_catalog. prefix to all relevant function and table names in the SQL queries, ensuring that the intended system functions are always called.
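As an added illustration of the fix described above (not code from the wrapper itself), the following checks query strings for unqualified calls to the catalog functions the advisory names and rewrites them with the pg_catalog. prefix. It is a regex-based lint, not a SQL parser, and assumes the function names are the only ones of interest; the sample queries are constructed.

```python
import re

# Catalog functions the advisory names as used unqualified by the wrapper
# (lowercased; PostgreSQL folds unquoted identifiers to lower case).
CATALOG_FUNCTIONS = ("aurora_db_instance_identifier", "pg_is_in_recovery", "version")

# Matches a bare call such as `version()` or `pg_is_in_recovery ()` whose name is
# not already preceded by a schema qualifier (a dot) or part of a longer identifier.
_CALL_RE = re.compile(
    r"(?<![\w.])(" + "|".join(CATALOG_FUNCTIONS) + r")\s*\(",
    re.IGNORECASE,
)


def find_unqualified_calls(sql):
    """Return the names of catalog functions called without a schema prefix."""
    return [m.group(1).lower() for m in _CALL_RE.finditer(sql)]


def qualify_catalog_calls(sql):
    """Rewrite unqualified catalog function calls as pg_catalog.<name>(...),
    which is the shape of the fix shipped in 1.4.0."""
    return _CALL_RE.sub(lambda m: "pg_catalog." + m.group(1).lower() + "(", sql)


if __name__ == "__main__":
    # Constructed sample queries resembling the kind the advisory describes.
    for query in (
        "SELECT pg_is_in_recovery()",
        "SELECT VERSION()",
        "SELECT pg_catalog.aurora_db_instance_identifier()",
    ):
        print(find_unqualified_calls(query), "->", qualify_catalog_calls(query))
```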