Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-vmw2-qwm8-x84c | Marten has an injection vulnerability in its full-text search regConfig parameter |
Sat, 30 May 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 29 May 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jasperfx
Jasperfx marten |
|
| Vendors & Products |
Jasperfx
Jasperfx marten |
Thu, 28 May 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. This vulnerability is fixed in 8.36.1. | |
| Title | Marten has an SQL injection vulnerability in its full-text search regConfig parameter | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-30T02:13:53.945Z
Reserved: 2026-05-11T20:14:43.200Z
Link: CVE-2026-45288
Updated: 2026-05-30T02:13:47.829Z
Status : Deferred
Published: 2026-05-28T21:16:31.220
Modified: 2026-06-01T18:41:24.920
Link: CVE-2026-45288
No data.
OpenCVE Enrichment
Updated: 2026-05-29T15:47:46Z
Github GHSA