We currently have Boundary installed on an Azure postgres instance and while stigging the instance the following questions came up for vulnerabilities 214063, 214064 and 213065 which are related to the code base for Boundary.
PostgreSQL must check the validity of all data inputs except those specifically identified by the organization.
PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it.
PostgreSQL and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.
Does anyone know if the code base for Boundary meets these requirements?
Thank you in advance!