More links:

https://github.com/advisories/GHSA-jqcq-xjh3-6g23

https://securityinfinity.com/research/memory-safety-vulnerabilities-in-go-postgresql-wire-protocol-parsers-pgproto3-pgx

The attacker requires control of the server/proxy or the ability to
man-in-the-middle it, and normally TLS will be used to protect
end-points, as explained in the last link above under "Threat Model".
Thus, I think the CVSS 'Privileges required: None' is inaccurate.

/Simon
