Untrusted search path in auth_query connection handler in PgBouncer before 1.25.0 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
GHSA-qpxx-2fwx-f5qj: Untrusted search path in auth_query connection handler in PgBouncer before 1.25.0 allows an...
PgBouncer versions before 1.25.0 have an untrusted search path vulnerability in the auth_query connection handler, allowing unauthenticated attackers to execute arbitrary SQL during authentication.