Is sqlx affected by GHSA-xmrp-424f-vfpx?

crates.io sqlx is affected in <0.8.1.

Is GHSA-xmrp-424f-vfpx being exploited?

Not on the CISA KEV list. EPSS exploit probability is not available.

medium

GHSA-xmrp-424f-vfpx

Q: Is GHSA-xmrp-424f-vfpx being exploited?

Not on the CISA KEV list. EPSS exploit probability is not available.

crates.io · sqlx

Summary

SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

Severity: medium
Also known as: RUSTSEC-2024-0363
Published: 2024-08-19

References

https://github.com/launchbadge/sqlx/issues/3440
https://github.com/launchbadge/sqlx
https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.