RCE in Hackerone Pg Node Module

CVE-2017-16082

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are two likely scenarios in which one would be vulnerable. 1) Executing unsafe, us…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.708 (98.7th percentile)

Affected products

  • Hackerone Pg Node Module — versions < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2017-16082?
CVE-2017-16082 is a vulnerability in Hackerone Pg Node Module, classified under Code Injection. Published 2018-06-07.
Is CVE-2017-16082 known to be exploited?
7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.