{"id":"CVE-2024-44905","details":"go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.","aliases":["GHSA-6xp3-p59p-q4fj","GO-2025-3764"],"modified":"2026-03-20T12:38:54.605120Z","published":"2025-06-12T16:15:22.007Z","related":["CGA-36p9-84vr-53c8","SUSE-SU-2026:0037-1","SUSE-SU-2026:0292-1","openSUSE-SU-2025:15405-1"],"references":[{"type":"WEB","url":"https://github.com/go-pg/pg/blob/30e7053c6cacdd44d06cf2b92183b49188b7c922/types/append_value.go#L151"},{"type":"PACKAGE","url":"https://github.com/go-pg/pg"},{"type":"EVIDENCE","url":"https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/"},{"type":"EVIDENCE","url":"https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/go-pg/pg","events":[{"introduced":"0"},{"last_affected":"30e7053c6cacdd44d06cf2b92183b49188b7c922"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.13.0"}]}}],"versions":["extra/pgdebug/v0.1.0","extra/pgdebug/v0.1.1","extra/pgdebug/v0.2.0","extra/pgdebug/v10.10.0","extra/pgdebug/v10.10.1","extra/pgdebug/v10.10.3","extra/pgdebug/v10.10.4","extra/pgdebug/v10.10.5","extra/pgdebug/v10.10.6","extra/pgdebug/v10.10.7","extra/pgdebug/v10.11.0","extra/pgdebug/v10.11.1","extra/pgdebug/v10.11.2","extra/pgdebug/v10.12.0","extra/pgdebug/v10.13.0","extra/pgdebug/v10.9.1","extra/pgdebug/v10.9.3","extra/pgotel/v0.1.0","extra/pgotel/v0.2.0","extra/pgotel/v0.3.0","extra/pgotel/v0.3.1","extra/pgotel/v10.10.0","extra/pgotel/v10.10.1","extra/pgotel/v10.10.3","extra/pgotel/v10.10.4","extra/pgotel/v10.10.5","extra/pgotel/v10.10.6","extra/pgotel/v10.10.7","extra/pgotel/v10.11.0","extra/pgotel/v10.11.1","extra/pgotel/v10.11.2","extra/pgotel/v10.12.0","extra/pgotel/v10.13.0","extra/pgotel/v10.9.1","extra/pgotel/v10.9.3","extra/pgsegment/v0.1.0","extra/pgsegment/v0.2.0","extra/pgsegment/v10.10.0","extra/pgsegment/v10.10.1","extra/pgsegment/v10.10.3","extra/pgsegment/v10.10.4","extra/pgsegment/v10.10.5","extra/pgsegment/v10.10.6","extra/pgsegment/v10.10.7","extra/pgsegment/v10.11.0","extra/pgsegment/v10.11.1","extra/pgsegment/v10.11.2","extra/pgsegment/v10.12.0","extra/pgsegment/v10.13.0","extra/pgsegment/v10.9.1","extra/pgsegment/v10.9.3","v1","v10.0.0","v10.0.0-alpha.0","v10.0.0-beta.0","v10.0.0-beta.1","v10.0.0-beta.10","v10.0.0-beta.11","v10.0.0-beta.12","v10.0.0-beta.13","v10.0.0-beta.14","v10.0.0-beta.15","v10.0.0-beta.16","v10.0.0-beta.17","v10.0.0-beta.2","v10.0.0-beta.3","v10.0.0-beta.4","v10.0.0-beta.5","v10.0.0-beta.6","v10.0.0-beta.7","v10.0.0-beta.8","v10.0.0-beta.9","v10.0.1","v10.0.2","v10.0.3","v10.0.4","v10.0.5","v10.0.6","v10.0.7","v10.1.0","v10.1.1","v10.10.0","v10.10.1","v10.10.2","v10.10.3","v10.10.4","v10.10.5","v10.10.6","v10.10.7","v10.11.0","v10.11.1","v10.11.2","v10.12.0","v10.13.0","v10.2.0","v10.2.1","v10.3.0","v10.3.1","v10.3.2","v10.4.0","v10.4.1","v10.5.0","v10.5.1","v10.6.0","v10.6.1","v10.6.2","v10.7.0","v10.7.1","v10.7.2","v10.7.3","v10.7.4","v10.7.5","v10.7.6","v10.7.7","v10.8.0","v10.9.0","v10.9.1","v10.9.3","v2","v3","v3.1","v3.1.1","v3.2","v3.2.1","v3.3","v3.3.1","v3.3.10","v3.3.11","v3.3.12","v3.3.13","v3.3.14","v3.3.2","v3.3.3","v3.3.4","v3.3.5","v3.3.6","v3.3.7","v3.3.8","v3.3.9","v3.4.0","v3.4.1","v3.4.2","v3.5.0","v3.5.1","v3.5.2","v3.5.3","v3.5.4","v3.5.5","v3.5.6","v4.0.0","v4.0.1","v4.0.10","v4.0.11","v4.0.12","v4.0.13","v4.0.2","v4.0.3","v4.0.4","v4.0.5","v4.0.6","v4.0.7","v4.0.8","v4.0.9","v4.1.0","v4.1.1","v4.1.2","v4.1.3","v4.1.4","v4.1.5","v4.1.6","v4.1.7","v4.1.8","v4.2.0","v4.3.0","v4.3.1","v4.4.0","v4.5.0","v4.5.1","v4.5.2","v4.5.3","v4.5.4","v4.5.5","v4.5.6","v4.6.0","v4.6.1","v4.6.2","v4.6.3","v4.6.4","v4.6.5","v4.7.0","v4.7.1","v4.7.10","v4.7.11","v4.7.2","v4.7.3","v4.7.4","v4.7.5","v4.7.6","v4.7.7","v4.7.8","v4.7.9","v4.8.0","v4.8.1","v4.8.10","v4.8.11","v4.8.12","v4.8.2","v4.8.3","v4.8.4","v4.8.5","v4.8.6","v4.8.7","v4.8.8","v4.8.9","v4.9.0","v4.9.1","v4.9.2","v4.9.3","v4.9.4","v5.0.0","v5.0.1","v5.0.10","v5.0.11","v5.0.12","v5.0.13","v5.0.14","v5.0.15","v5.0.16","v5.0.17","v5.0.2","v5.0.3","v5.0.4","v5.0.5","v5.0.6","v5.0.7","v5.0.8","v5.0.9","v5.1.0","v5.1.1","v5.1.2","v5.1.3","v5.1.4","v5.1.5","v5.1.6","v5.1.7","v5.1.8","v5.1.9","v5.2.0","v5.2.1","v5.2.10","v5.2.2","v5.2.3","v5.2.4","v5.2.5","v5.2.6","v5.2.7","v5.2.8","v5.2.9","v5.3.0","v5.3.1","v5.3.2","v5.3.3","v6.0.0","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.0.5","v6.1.0","v6.1.1","v6.1.2","v6.1.3","v6.1.4","v6.1.5","v6.1.6","v6.1.7","v6.1.8","v6.10.0","v6.11.0","v6.11.1","v6.11.2","v6.12.0","v6.13","v6.13.1","v6.13.2","v6.13.3","v6.13.4","v6.13.5","v6.13.6","v6.14.0","v6.14.1","v6.14.2","v6.14.3","v6.14.4","v6.14.5","v6.15.0","v6.15.1","v6.2.0","v6.2.1","v6.2.2","v6.2.3","v6.3.0","v6.3.1","v6.3.2","v6.3.3","v6.3.4","v6.3.5","v6.4.0","v6.4.1","v6.4.10","v6.4.11","v6.4.12","v6.4.13","v6.4.14","v6.4.15","v6.4.16","v6.4.17","v6.4.18","v6.4.19","v6.4.2","v6.4.20","v6.4.21","v6.4.22","v6.4.23","v6.4.24","v6.4.3","v6.4.4","v6.4.5","v6.4.6","v6.4.7","v6.4.8","v6.4.9","v6.5.0","v6.5.1","v6.6.0","v6.6.1","v6.6.10","v6.6.11","v6.6.12","v6.6.13","v6.6.14","v6.6.15","v6.6.16","v6.6.17","v6.6.18","v6.6.19","v6.6.2","v6.6.20","v6.6.21","v6.6.22","v6.6.23","v6.6.24","v6.6.25","v6.6.26","v6.6.3","v6.6.4","v6.6.5","v6.6.6","v6.6.7","v6.6.8","v6.6.9","v6.7.0","v6.7.1","v6.7.2","v6.8.0","v6.8.1","v6.9.0","v6.9.1","v6.9.2","v6.9.3","v6.9.4","v6.9.5","v6.9.6","v7.0.0","v7.1.0","v7.1.1","v7.1.2","v7.1.3","v7.1.4","v7.1.5","v7.1.6","v7.1.7","v8.0.0","v8.0.1","v8.0.2","v8.0.3","v8.0.4","v9.0.0","v9.0.0-beta","v9.0.0-beta.1","v9.0.0-beta.10","v9.0.0-beta.11","v9.0.0-beta.12","v9.0.0-beta.13","v9.0.0-beta.14","v9.0.0-beta.15","v9.0.0-beta.2","v9.0.0-beta.3","v9.0.0-beta.4","v9.0.0-beta.5","v9.0.0-beta.6","v9.0.0-beta.7","v9.0.0-beta.8","v9.0.0-beta.9","v9.0.1","v9.0.2","v9.0.3","v9.0.4","v9.1.0","v9.1.1","v9.1.2","v9.1.3","v9.1.4","v9.1.5","v9.1.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44905.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}