pREST SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in pREST (PostgreSQL REST) versions prior to 2.0.0-rc3. This vulnerability arises because the application does not adequately validate user input, allowing malicious users to manipulate SQL queries and potentially access or modify database information. The issue is systemic, affecting multiple code paths and core endpoints of the application.
Impact
Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access or modification. In pREST, this could also involve reading sensitive files from the server or executing commands, depending on the injected SQL.
Reproduction
To reproduce this vulnerability, send a GET request to the pREST API with an unvalidated 'schema' path parameter. The request can include SQL injection payloads, such as nested queries that exploit the application's SQL query construction process. This injection can be verified by observing the application's response, which will reflect the results of the injected SQL query execution.
Remediation
Users are advised to update to pREST version 2.0.0-rc3 or later, where this vulnerability has been patched. For those using earlier versions, it is recommended to manually validate and sanitize user inputs, especially those that can be used to construct SQL queries.
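The manual validation recommended above, sketched for identifiers such as the 'schema' path parameter. This is an added example, not pREST's code or its patch; the function names and the sample inputs are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// ErrBadIdentifier is returned for any name that is not a plain identifier.
var ErrBadIdentifier = errors.New("invalid SQL identifier")

// identRe: letter or underscore, then letters, digits or underscores,
// at most 63 bytes (PostgreSQL's default identifier length limit).
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,62}$`)

// quoteIdent rejects anything outside identRe, then double-quotes the name.
// Identifiers cannot be sent as bind parameters, so they need this check.
func quoteIdent(name string) (string, error) {
	if !identRe.MatchString(name) {
		return "", fmt.Errorf("%w: %q", ErrBadIdentifier, name)
	}
	return `"` + name + `"`, nil
}

// unsafeSelect shows the weak pattern: request input concatenated into SQL.
func unsafeSelect(schema, table string) string {
	return "SELECT * FROM " + schema + "." + table
}

// safeSelect builds the same statement from validated, quoted identifiers.
func safeSelect(schema, table string) (string, error) {
	s, err := quoteIdent(schema)
	if err != nil {
		return "", err
	}
	t, err := quoteIdent(table)
	if err != nil {
		return "", err
	}
	return "SELECT * FROM " + s + "." + t, nil
}

func main() {
	// Constructed inputs: one ordinary schema name, one carrying SQL syntax.
	for _, schema := range []string{"public", `public" (x)`} {
		q, err := safeSelect(schema, "users")
		fmt.Printf("unsafe: %s\nsafe:   %q err=%v\n", unsafeSelect(schema, "users"), q, err)
	}
}
```

Quoted identifiers are case-sensitive in PostgreSQL, so a validated name must match the catalog's case exactly. Data values, unlike identifiers, should still be passed as bind parameters and never concatenated.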
