pgx · CVE-2026-41889
**Name of the Vulnerable Software and Affected Versions**
pgx versions prior to 5.9.2
**Description**
SQL injection can occur when the non-default simple protocol is used in conjunction with a dollar quoted string literal in the SQL query. If that string literal contains text that would be interpreted as a placeholder outside of a string literal and the value of that placeholder is controllable by an attacker, the issue can be exploited.
**Recommendations**
Update to version 5.9.2.
As a temporary workaround, do not use the simple protocol to execute queries that utilize dollar quoted string literals containing potential placeholders.
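To locate queries affected by the description and workaround above, here is an added example in Go (not pgx's own code) of a small lint that pulls out the bodies of dollar-quoted literals and reports any text inside them that would read as a positional placeholder such as `$1`. It assumes PostgreSQL's dollar-quoting rules (`$$` or `$tag$` with an identifier-like tag, closed only by the identical tag); the function names are mine.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// dollarTag matches the opening of a dollar-quoted literal: $$ or $tag$.
// PostgreSQL tags are identifier-like: a letter or underscore, then
// letters, digits or underscores.
var dollarTag = regexp.MustCompile(`\$([A-Za-z_][A-Za-z0-9_]*)?\$`)

// placeholder matches text that would be read as a positional parameter
// ($1, $2, ...) if it appeared outside a string literal.
var placeholder = regexp.MustCompile(`\$[0-9]+`)

// DollarQuotedBodies returns the contents of every dollar-quoted literal in
// sql, ending each literal only at the matching $tag$ (so $$ inside a $fn$
// literal is just text). Single-quoted strings are not parsed here.
func DollarQuotedBodies(sql string) []string {
	var bodies []string
	for {
		loc := dollarTag.FindStringIndex(sql)
		if loc == nil {
			return bodies
		}
		tag := sql[loc[0]:loc[1]]
		rest := sql[loc[1]:]
		end := strings.Index(rest, tag)
		if end < 0 {
			return bodies // unterminated literal: nothing more to extract
		}
		bodies = append(bodies, rest[:end])
		sql = rest[end+len(tag):]
	}
}

// PlaceholdersInsideDollarQuotes lists placeholder-looking tokens found
// inside dollar-quoted literals. A non-empty result means the query should
// not be run with the simple protocol on an unpatched pgx.
func PlaceholdersInsideDollarQuotes(sql string) []string {
	var hits []string
	for _, body := range DollarQuotedBodies(sql) {
		hits = append(hits, placeholder.FindAllString(body, -1)...)
	}
	return hits
}

func main() {
	// Constructed sample: the literal legitimately contains "$1" as text.
	q := "SELECT $$price is $1 per unit$$ AS label FROM products WHERE id = $1"
	fmt.Println(PlaceholdersInsideDollarQuotes(q)) // [$1]
}
```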