ElectricSQL database takeover vulnerability found by AI (casco.com)
5 points by brene 58 days ago
1 comment

Rene from Casco here. While our agents were performing a security test, they discovered a database takeover vulnerability. It's a good example of how SQL injection is still a test path that needs to be explicitly validated. Really want to give props to the ElectricSQL team: from issue reported to issue fixed and deployed, it took ~2 hours.
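As an added illustration of what "explicitly validating SQL injection as a test path" looks like in practice (this is example code, not ElectricSQL's or Casco's, and says nothing about the specific bug in the advisory): a string-built query beside its parameterized form, and a check that feeds constructed injection payloads through each query path and fails when the payload is parsed as SQL. The schema, table contents, function names and payloads are all assumptions made for this example.

```python
# Added example, not code from ElectricSQL or Casco. Uses an in-memory SQLite
# database with constructed sample rows; schema and payloads are assumptions.
import sqlite3


def make_db():
    """Constructed sample database: two users, each with a secret column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "s1"), ("bob", "s2")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    # String-built WHERE clause: the classic injectable shape (deliberately so).
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    # Bound parameter: the driver sends the value separately, so it can never
    # be interpreted as SQL syntax.
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


# Constructed payloads. No user is literally named like either string, so a
# correct lookup must return no rows for both.
INJECTION_PAYLOADS = [
    "alice' OR '1'='1",
    "x' UNION SELECT secret FROM users --",
]


def is_injection_safe(lookup):
    """Explicit SQL-injection test path for one query function.

    Returns True only if every payload behaves as an ordinary (non-matching)
    literal value. A SQL error is also treated as a failure: it means the
    payload reached the parser as syntax rather than as data.
    """
    conn = make_db()
    for payload in INJECTION_PAYLOADS:
        try:
            rows = lookup(conn, payload)
        except sqlite3.Error:
            return False
        if rows:
            return False
    return True


if __name__ == "__main__":
    for fn in (lookup_vulnerable, lookup_parameterized):
        print(f"{fn.__name__}: {'safe' if is_injection_safe(fn) else 'INJECTABLE'}")
```

The point of wrapping this in a function that returns a boolean is that it belongs in the regular test suite for every query path, so the injection check runs on each change rather than only during a one-off security test.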
Thanks from the Electric side to the Casco team for the responsible disclosure, comprehensive repro and great communication through the process.

This was a critical one to identify and patch: https://github.com/electric-sql/electric/security/advisories...

Just to repeat for visibility, if you're self-hosting the Electric sync service, upgrade to version >= 1.5.0 immediately.