High severity · NVD Advisory · Published Apr 4, 2024 · Updated Mar 14, 2025
Remote Code Execution Vulnerability through the validate binary path API in pgAdmin 4
CVE-2024-3116
Description
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pgadmin4 (PyPI) | < 8.5 | 8.5 |
Affected products
- ghsa-coords (2 versions): < 8.5, + 1 more
- (no CPE) range: < 8.5
- (no CPE) range: < 8.5-1.1
- Range: 0
References
- github.com/advisories/GHSA-27jx-ffw8-xrqv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-3116 (ghsa, ADVISORY)
- gist.github.com/aelmokhtar/689a8be7e3bd535ec01992d8ec7b2b98 (ghsa, mitigation, WEB)
- github.com/pgadmin-org/pgadmin4/commit/fbbbfe22dd468bcfef1e1f833ec32289a6e56a8b (ghsa, WEB)
- github.com/pgadmin-org/pgadmin4/issues/7326 (ghsa, issue-tracking, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIF5T34JTTYRGIN5YPT366BDFG6452A2 (ghsa, WEB)
- www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-pgadmin-cve-2024-3116 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIF5T34JTTYRGIN5YPT366BDFG6452A2/ (mitre)