rpm package
suse/pgadmin4&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-27152 | Med | 5.3 | < 4.30-150300.3.18.1 | 4.30-150300.3.18.1 | Mar 7, 2025 | axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka | |
| CVE-2023-1907 | Hig | 8.0 | < 4.30-150300.3.18.1 | 4.30-150300.3.18.1 | Jan 9, 2025 | A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. | |
| CVE-2024-4068 | Hig | 7.5 | < 4.30-150300.3.18.1 | 4.30-150300.3.18.1 | May 14, 2024 | The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program | |
| CVE-2024-2044 | Cri | 9.9 | < 4.30-150300.3.12.1 | 4.30-150300.3.12.1 | Mar 7, 2024 | pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is | |
| CVE-2023-0241 | Med | 6.5 | < 4.30-150300.3.9.1 | 4.30-150300.3.9.1 | Mar 27, 2023 | pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database. |
- affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka
- affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
- affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1
The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program
- affected < 4.30-150300.3.12.1fixed 4.30-150300.3.12.1
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is
- affected < 4.30-150300.3.9.1fixed 4.30-150300.3.9.1
pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.