vulnerability

FreeBSD: VID-aeb4c85b-3600-11ed-b52d-589cfc007716 (CVE-2022-31197): puppetdb -- Potential SQL injection

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:H/Au:S/C:C/I:C/A:C)	Sep 16, 2022	Nov 4, 2022	Dec 10, 2025

Severity

CVSS

(AV:N/AC:H/Au:S/C:C/I:C/A:C)

Published

Sep 16, 2022

Added

Nov 4, 2022

Modified

Dec 10, 2025

Description

Puppet reports: The org.postgresql/postgresql driver has been updated to version 42.4.1 to address CVE-2022-31197, which is an SQL injection risk that according to the CVE report, can only be exploited if an attacker controls the database to the extent that they can adjust relevant tables to have "malicious" column names.

Solutions

freebsd-upgrade-package-puppetdb6freebsd-upgrade-package-puppetdb7

References

CVE-2022-31197
https://attackerkb.com/topics/CVE-2022-31197
CWE-89

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today