Unsafe SQL for commands with table names list input #2

@qfritz

Table names when creating publications or checking replica identity are user-provided and directly interpolated within SQL, which could lead to arbitrary code execution.

This is minor as this tool is aimed at people already with higher roles on the database, but it should still be fixed.

Labels: good first issue (Good for newcomers), security (potential breach if misuse of the software)
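One way to close the hole described in this issue, as an added example that is not the project's own code: identifiers in the `CREATE PUBLICATION` statement are quoted (DDL takes no bind parameters), and the replica identity lookup passes names as bind parameters. All function names are hypothetical; it assumes `[schema.]table` input, a default schema of `public`, and a driver with `%s` placeholders such as psycopg.

```python
def quote_ident(name: str) -> str:
    """Return one PostgreSQL identifier, double-quoted with embedded quotes doubled."""
    if not name or "\x00" in name:
        raise ValueError(f"invalid identifier: {name!r}")
    return '"' + name.replace('"', '""') + '"'


def split_table(ref: str, default_schema: str = "public") -> tuple[str, str]:
    """Split 'table' or 'schema.table' into (schema, table).

    Assumption: names that themselves contain a dot are not accepted in this form.
    """
    parts = ref.split(".")
    if len(parts) == 1:
        return default_schema, parts[0]
    if len(parts) == 2:
        return parts[0], parts[1]
    raise ValueError(f"expected [schema.]table, got {ref!r}")


def create_publication_sql(publication: str, tables: list[str]) -> str:
    """Build CREATE PUBLICATION with every user-supplied name quoted as an identifier."""
    if not tables:
        raise ValueError("at least one table is required")
    targets = ", ".join(
        f"{quote_ident(s)}.{quote_ident(t)}" for s, t in map(split_table, tables)
    )
    return f"CREATE PUBLICATION {quote_ident(publication)} FOR TABLE {targets}"


def replica_identity_query(tables: list[str]) -> tuple[str, list[str]]:
    """Build the pg_class lookup; names travel as bind parameters, never as SQL text."""
    if not tables:
        raise ValueError("at least one table is required")
    pairs = [split_table(t) for t in tables]
    placeholders = ", ".join(["(%s, %s)"] * len(pairs))
    sql = (
        "SELECT n.nspname, c.relname, c.relreplident "
        "FROM pg_class c JOIN pg_namespace n ON n.oid = c.relnamespace "
        f"WHERE (n.nspname, c.relname) IN ({placeholders})"
    )
    return sql, [part for pair in pairs for part in pair]
```

The returned pair from `replica_identity_query` is meant to be passed as `cursor.execute(sql, params)`; `relreplident` is `d`, `n`, `f` or `i` for default, nothing, full or index.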