asyncpg@0.10.1 vulnerabilities

An asyncio PostgreSQL driver

  • latest version

    0.30.0

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the asyncpg package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • L
    Uninitialized Memory Exposure

    asyncpg is an asyncio PostgreSQL driver.

    Affected versions of this package are vulnerable to Uninitialized Memory Exposure. When receiving multi-dimensional array data from the server, the driver did not validate the array dimensions.

    How to fix Uninitialized Memory Exposure?

    Upgrade asyncpg to version 0.21.0 or higher.

    [,0.21.0)