Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-7wq2-32h4-9hc9: AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability:

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.

AWS recommends customers upgrade to the following versions: AWS Go Wrapper to 2025-10-17.

Source of Vulnerability Report:

Allistair Ishmael Hakim allistair.hakim@gmail.com

Affected products & versions:

AWS Go Wrapper < 2025-10-17.

Platforms:

MacOS/Windows/Linux

ghsa
Open in Source
#sql#vulnerability#web#mac#windows#amazon#linux#git#intel#aws#auth#postgres

Skip to content

Navigation Menu

    • GitHub Copilot

      Write better code with AI

    • GitHub Spark New

      Build and deploy intelligent apps

    • GitHub Models New

      Manage and compare prompts

    • GitHub Advanced Security

      Find and fix vulnerabilities

    • Actions

      Automate any workflow

*   Codespaces
    
    Instant dev environments
    
*   Issues
    
    Plan and track work
    
*   Code Review
    
    Manage code changes
    
*   Discussions
    
    Collaborate outside of code
    
*   Code Search
    
    Find more, search less
    

View all features

  • Explore

    • Learning Pathways
    • Events & Webinars
    • Ebooks & Whitepapers
    • Customer Stories
    • Partners
    • Executive Insights

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles

    • Enterprise platform

      AI-powered developer platform

  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. GHSA-7wq2-32h4-9hc9

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Package

gomod github.com/aws/aws-advanced-go-wrapper/awssql (Go)

Affected versions

< 1.1.1

Description

Description of Vulnerability:

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.

AWS recommends customers upgrade to the following versions: AWS Go Wrapper to 2025-10-17.

Source of Vulnerability Report:

Allistair Ishmael Hakim allistair.hakim@gmail.com

Affected products & versions:

AWS Go Wrapper < 2025-10-17.

Platforms:

MacOS/Windows/Linux

References

  • GHSA-7wq2-32h4-9hc9
  • aws/aws-advanced-go-wrapper#270
  • aws/aws-advanced-go-wrapper@7b405f9

Published to the GitHub Advisory Database

Nov 13, 2025

Last updated

Nov 13, 2025

EPSS score

ghsa: Latest News

GHSA-mh29-5h37-fv8m: js-yaml has prototype pollution in merge (<<)
ghsa