The extension fails to properly sanitize user input and is susceptible to SQL Injection.
An authenticated user with privileges to configure email templates can execute arbitrary SQL queries.
An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. NOTE: This patch is not included in 2.1.17. Please apply the PRODSECBUG-2198 patch in addition to upgrading to 2.1.17.
An authenticated user can embed malicious code through a Stored Cross-Site Scripting vulnerability (XSS) or an SQL Injection vulnerability in the Catalog section by manipulating attribute_code.
A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature.
Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pg_upgrade on the database or during a pg_dump dump/restore cycle. This attack requires a CREATE privilege on some non-temporary schema or a TRIGGER privilege on a table. This is exploitable in the default PostgreSQL configuration, where all users have CREATE privilege on public schema.
mysql-binuuid-rails uses a data type that is derived from the base Binary type, except that it doesn’t convert the value to hex. Instead, it assumes the string value provided is a valid hex string and doesn’t do any checks on it. ActiveRecord does not explicitly escape the Binary data type (Type::Binary::Data) for MySQL. The escaping is implicit, as the Binary data type always converts its value to a hex string for ActiveRecord to use.
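The following added example (not code from mysql-binuuid-rails or ActiveRecord; `HexBinaryLiteral` and its methods are hypothetical names) shows why the base Binary type is implicitly safe, what the shortcut described above gives up, and the check a derived type needs before it trusts caller-supplied hex:

```ruby
# Added example, independent of ActiveRecord: builds MySQL hex literals
# (x'...') the way a Binary-style type would, with and without validation.
module HexBinaryLiteral
  # Even-length run of hex digits (empty allowed); nothing else.
  HEX = /\A(?:[0-9a-fA-F]{2})*\z/

  # Mirrors the base Binary behaviour: raw bytes are always hex-encoded,
  # so the literal can only ever contain [0-9a-f] and needs no escaping.
  def self.from_bytes(bytes)
    "x'#{bytes.unpack1('H*')}'"
  end

  # True only when the value is a String matching HEX.
  def self.valid_hex?(value)
    value.is_a?(String) && HEX.match?(value)
  end

  # The shortcut the advisory describes: the caller's string is assumed to
  # already be hex and is interpolated as-is. Any non-hex content, including
  # a quote, ends up inside the SQL statement unchanged.
  def self.from_hex_unchecked(value)
    "x'#{value}'"
  end

  # Hardened variant: refuse anything that is not hex before building the
  # literal, then normalise case so output matches from_bytes.
  def self.from_hex(value)
    unless valid_hex?(value)
      raise ArgumentError, "expected hex string, got #{value.inspect}"
    end
    "x'#{value.downcase}'"
  end
end
```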