Pgbouncer · Pgbouncer · CVE-2025-12819
**Name of the Vulnerable Software and Affected Versions**
PgBouncer versions prior to 1.25.1
**Description**
A flaw exists in PgBouncer’s authentication process due to an untrusted search path in the `auth_query` connection handler. An unauthenticated attacker can execute arbitrary SQL during authentication by manipulating the `search_path` parameter in the StartupMessage. The `search_path` parameter defines the schema search order for database objects.
**Recommendations**
Upgrade to PgBouncer version 1.25.1 or later.
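A triage helper for this advisory, added here as an example and not part of the advisory or of PgBouncer: it reads a version string and a pgbouncer.ini and reports whether an instance runs an affected version (prior to 1.25.1) and has `auth_query` configured, the handler the flaw is in. The sample configs are constructed, and the `PgBouncer 1.24.1` output format of `pgbouncer --version` is an assumption.

```python
import configparser
import re

FIXED = (1, 25, 1)  # first fixed release named in the advisory

# Constructed sample configs (not taken from any real deployment).
INI_WITH_AUTH_QUERY = """
[databases]
app = host=127.0.0.1 port=5432 dbname=app

[pgbouncer]
listen_port = 6432
auth_type = scram-sha-256
auth_user = pgbouncer
auth_query = SELECT usename, passwd FROM pg_shadow WHERE usename = $1
"""

INI_WITH_AUTH_FILE = """
[pgbouncer]
listen_port = 6432
auth_type = scram-sha-256
auth_file = /etc/pgbouncer/userlist.txt
"""

def parse_version(text):
    """Return (major, minor, patch) from `pgbouncer --version` output or a bare version string."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def is_affected_version(text):
    """Versions prior to 1.25.1 are affected."""
    return parse_version(text) < FIXED

def uses_auth_query(ini_text):
    """True when [pgbouncer] sets auth_query, the handler the flaw lives in."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    return bool(cp.get("pgbouncer", "auth_query", fallback="").strip())

def triage(version_text, ini_text):
    """Classify one PgBouncer instance against CVE-2025-12819."""
    if not is_affected_version(version_text):
        return "OK: version is 1.25.1 or later"
    if uses_auth_query(ini_text):
        return "VULNERABLE: version prior to 1.25.1 with auth_query configured; upgrade"
    return "UPGRADE: version prior to 1.25.1; auth_query not configured, affected handler unused"

if __name__ == "__main__":
    print(triage("PgBouncer 1.24.1", INI_WITH_AUTH_QUERY))
    print(triage("PgBouncer 1.25.1", INI_WITH_AUTH_QUERY))
```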