VYPR

rpm package

suse/pgadmin4&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Vulnerabilities (5)

  • CVE-2025-27152Mar 7, 2025
    affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1

    axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka

  • CVE-2023-1907Jan 9, 2025
    affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1

    A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

  • CVE-2024-4068May 13, 2024
    affected < 4.30-150300.3.18.1fixed 4.30-150300.3.18.1

    The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program

  • CVE-2024-2044Mar 7, 2024
    affected < 4.30-150300.3.12.1fixed 4.30-150300.3.12.1

    pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is

  • CVE-2023-0241Mar 27, 2023
    affected < 4.30-150300.3.9.1fixed 4.30-150300.3.9.1

    pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.