{"id":"CVE-2017-16082","details":"A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.","aliases":["GHSA-wc9v-mj63-m9g5"],"modified":"2026-03-14T09:22:24.942195Z","published":"2018-06-07T02:29:01.393Z","references":[{"type":"EVIDENCE","url":"https://node-postgres.com/announcements#2017-08-12-code-execution-vulnerability"},{"type":"EVIDENCE","url":"https://nodesecurity.io/advisories/521"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"2.0.0"},{"fixed":"2.11.2"}]},{"events":[{"introduced":"3.0.0"},{"fixed":"3.6.4"}]},{"events":[{"introduced":"4.0.0"},{"fixed":"4.5.7"}]},{"events":[{"introduced":"0"},{"fixed":"5.2.1"}]},{"events":[{"introduced":"6.0.0"},{"fixed":"6.4.2"}]},{"events":[{"introduced":"7.0.0"},{"fixed":"7.1.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16082.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}