PT-2024-40507 · Diesel · Diesel

Published: 2024-08-23 · Updated: 2024-08-23

CVSS v4.0: 8.9 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Name of the Vulnerable Software and Affected Versions: Diesel versions prior to 2.2.3

Description: The issue concerns a SQL injection vulnerability that can be exploited by encoding a value larger than 4 GiB, causing the length prefix in the protocol to overflow. This can lead to the server interpreting the rest of the string as binary protocol commands or other data. It is estimated that all published versions of Diesel prior to 2.2.3 are affected. Users should validate untrustworthy user input and reject any input over 4 GiB, or any input that could encode to a string longer than 4 GiB.

Recommendations: For versions prior to 2.2.3, update to a Diesel version newer than 2.2.3, which includes fixes for the problem. As a temporary workaround, consider validating user input to reject any input over 4 GiB, or any input that could encode to a string longer than 4 GiB. For web application backends, consider adding some middleware that limits the size of request bodies by default.
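The following Rust snippet is an added illustration and is not Diesel's code or part of this advisory. It models the failure class the description names (a 32-bit length prefix computed from a larger length silently wraps, so the receiver parses the remainder of the payload as new protocol data) next to the two defensive measures the recommendations call for: a checked conversion at the encoder, and a byte-length guard on untrusted input applied before encoding. The frame layout, function names and error type are assumptions chosen for the example.

```rust
// Added illustration (not Diesel's code): why a 32-bit length prefix must be
// computed with a checked conversion, and how to bound untrusted input before
// it reaches the encoder. Frame layout and names are assumptions.
use std::convert::TryFrom;

/// Largest payload a u32 length prefix can describe: 4 GiB - 1 bytes.
pub const MAX_PREFIXED_LEN: u64 = u32::MAX as u64;

#[derive(Debug, PartialEq, Eq)]
pub enum PrefixError {
    /// The payload cannot be described by a 32-bit length prefix.
    TooLong { len: u64 },
}

/// The defect class: `as` truncates, so a length of 2^32 + 5 becomes 5 and the
/// receiver treats everything after the first 5 bytes as further protocol frames.
pub fn length_prefix_truncating(len: u64) -> u32 {
    len as u32
}

/// The fix: refuse any length that does not fit the prefix instead of wrapping.
pub fn length_prefix_checked(len: u64) -> Result<u32, PrefixError> {
    u32::try_from(len).map_err(|_| PrefixError::TooLong { len })
}

/// Build a length-prefixed frame (big-endian u32 prefix followed by the payload),
/// failing rather than wrapping when the payload is too large.
pub fn encode_frame(payload: &[u8]) -> Result<Vec<u8>, PrefixError> {
    let prefix = length_prefix_checked(payload.len() as u64)?;
    let mut frame = Vec::with_capacity(4 + payload.len());
    frame.extend_from_slice(&prefix.to_be_bytes());
    frame.extend_from_slice(payload);
    Ok(frame)
}

/// Application-level guard applied before encoding (the advisory's workaround):
/// reject untrusted text whose UTF-8 encoding exceeds `limit` bytes. `limit`
/// should be derived from what the application actually needs and sit far
/// below the 4 GiB protocol ceiling, which is enforced here as a backstop.
pub fn accept_untrusted_text(input: &str, limit: usize) -> Result<&str, PrefixError> {
    let len = input.len() as u64; // byte length of the UTF-8 encoding, not the char count
    if len > limit as u64 || len > MAX_PREFIXED_LEN {
        Err(PrefixError::TooLong { len })
    } else {
        Ok(input)
    }
}

fn main() {
    let oversized: u64 = (1u64 << 32) + 5;
    println!("truncating prefix for {oversized}: {}", length_prefix_truncating(oversized));
    println!("checked prefix for {oversized}: {:?}", length_prefix_checked(oversized));
    println!("frame for b\"abc\": {:?}", encode_frame(b"abc"));
    println!("guard on a 6-byte string with a 4-byte limit: {:?}", accept_untrusted_text("héllo", 4));
}
```

The guard measures the encoded byte length rather than the character count, which is the quantity the protocol prefix describes; a request-body size limit in web middleware serves the same purpose one layer earlier, before the value is ever handed to the database driver.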

Fix

Weakness Enumeration: SQL injection

Related Identifiers: GHSA-WQ9X-QWCQ-MMGF

Affected Products: Diesel