8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-7wq2-32h4-9hc9

GHSA-7wq2-32h4-9hc9: AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability:

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.

AWS recommends customers upgrade to the following versions: AWS Go Wrapper to 2025-10-17.

Source of Vulnerability Report:

Allistair Ishmael Hakim allistair.hakim@gmail.com

Affected products & versions:

AWS Go Wrapper < 2025-10-17.

Platforms:

MacOS/Windows/Linux

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-7wq2-32h4-9hc9

GHSA-7wq2-32h4-9hc9:

8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/aws/aws-advanced-go-wrapper/awssql	go	< 1.1.1	1.1.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists because the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL constructs SQL queries without using fully qualified names for various PostgreSQL functions and operators. This allows a low-privilege authenticated user to create crafted functions with the same names in a different schema. If this schema is in the PostgreSQL search_path before the pg_catalog schema, the database will execute the user's malicious function instead of the intended system function. This can lead to privilege escalation, as the function may be executed with the permissions of a higher-privileged user, such as rds_superuser.

The patch addresses this by explicitly specifying the pg_catalog schema for all built-in PostgreSQL functions and operators used in the queries. This ensures that the correct, trusted functions are always executed, regardless of the search_path configuration.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-7wq2-32h4-9hc9: AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability:

Source of Vulnerability Report:

Affected products & versions:

Platforms:

GHSA-7wq2-32h4-9hc9:

8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

8

8

Basic Information

Basic Information

GHSA-7wq2-32h4-9hc9: AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability:

Source of Vulnerability Report:

Affected products & versions:

Platforms:

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI