5 points by brene 4 hours ago | 1 comment
  • brene 4 hours ago
    Rene from Casco here. While our agents were performing a security test, they discovered a database takeover vulnerability. It's a good example of how SQL injection is still a test path that needs to be explicitly validated. Really want to give props to the ElectricSQL team: from issue reported to issue fixed and deployed, it took ~2 hours.
    • thruflo 3 hours ago
      Thanks from the Electric side to the Casco team for the responsible disclosure, comprehensive repro and great communication through the process.

      This was a critical one to identify and patch: https://github.com/electric-sql/electric/security/advisories...

      Just to repeat for visibility, if you're self-hosting the Electric sync service, upgrade to version >= 1.5.0 immediately.
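The thread above does not describe the Electric bug itself, only that a SQL injection path led to a database takeover. As an added illustration of the point brene makes (SQL injection is a path that has to be tested for explicitly), here is a self-contained example that is not Electric's code and is written in Python against an in-memory SQLite table rather than the Elixir/Postgres stack the project uses. The table, the tenant names and the `rows_unsafe`/`rows_safe`/`looks_like_injection` helpers are all constructed for the example. It places the vulnerable string-splicing pattern next to the parameterized form and shows, with the same crafted filter value, that one leaks every row while the other returns nothing.

```python
import sqlite3

# Constructed sample data: a tiny "items" table with rows owned by two tenants.
ROWS = [
    (1, "tenant_a", "alpha"),
    (2, "tenant_a", "beta"),
    (3, "tenant_b", "gamma"),
]


def make_db():
    """Build an in-memory database holding the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, tenant TEXT, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", ROWS)
    return conn


def rows_unsafe(conn, tenant):
    """Vulnerable pattern: the caller-supplied value is spliced into the SQL text.

    Any quote in `tenant` ends the string literal and the remainder is parsed
    as SQL, so a filter meant to scope results to one tenant can be rewritten
    by the caller.
    """
    sql = f"SELECT id, name FROM items WHERE tenant = '{tenant}'"
    return conn.execute(sql).fetchall()


def rows_safe(conn, tenant):
    """Hardened pattern: the value travels as a bound parameter, never as SQL.

    The driver sends the query text and the value separately, so the database
    only ever compares the column against the literal string it was given.
    """
    sql = "SELECT id, name FROM items WHERE tenant = ?"
    return conn.execute(sql, (tenant,)).fetchall()


def looks_like_injection(value):
    """Cheap input check for logging or alerting (assumed policy, not a fix).

    A tenant identifier should never carry SQL metacharacters; flagging such
    values gives a detection signal even once queries are parameterized.
    """
    return any(marker in value for marker in ("'", ";", "--", "/*"))


# A filter value that is syntactically valid SQL once spliced into the text.
# It is a constructed test input for the demo, not taken from the advisory.
CRAFTED_TENANT = "tenant_b' OR '1'='1"


def demo():
    """Run both query styles against the same inputs and return the counts."""
    conn = make_db()
    return {
        "unsafe_normal": len(rows_unsafe(conn, "tenant_a")),
        "safe_normal": len(rows_safe(conn, "tenant_a")),
        "unsafe_crafted": len(rows_unsafe(conn, CRAFTED_TENANT)),
        "safe_crafted": len(rows_safe(conn, CRAFTED_TENANT)),
        "flagged": looks_like_injection(CRAFTED_TENANT),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a normal tenant name both functions return the two rows for `tenant_a`; with the crafted value the spliced query returns all three rows across both tenants, while the parameterized query returns none because no tenant is literally named that. SQLite's `execute` only accepts a single statement, so this demo shows filter bypass rather than the stacked-statement escalation that a "database takeover" usually implies; the mitigation is the same in either case, and the test for it belongs in the suite as explicitly as brene's comment suggests.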