Uncaught Exception The advisory has been revoked - it doesn't affect any version of package github.com/jackc/pgx/v4  (opens in a new tab)


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Uncaught Exception vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-GOLANG-GITHUBCOMJACKCPGXV4-7416900
  • published3 Jul 2024
  • disclosed2 Jul 2024
  • creditUnknown

Introduced: 2 Jul 2024

CVE NOT AVAILABLE CWE-248  (opens in a new tab)

How to fix?

There is no fixed version for github.com/jackc/pgx/v4.

Amendment

This was deemed not a vulnerability.

Overview

github.com/jackc/pgx/v4 is a pure Go driver and toolkit for PostgreSQL

Affected versions of this package are vulnerable to Uncaught Exception that allows creating a pipeline in error with a PgConn that is busy or closed. This allows an attacker who can ascertain that a pipeline is in such a state to trigger a panic by calling the Sync() function on the pipeline.