发布于3月6日3月6日 Members PostgreSQL: CVE-2024-10979: PostgreSQL PL/Perl environment variable changes execute arbitrary code Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/15/2024 Created 11/16/2024 Added 11/15/2024 Modified 02/14/2025 Description Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH).That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) postgres-upgrade-13_17 postgres-upgrade-14_14 postgres-upgrade-15_9 postgres-upgrade-16_5 postgres-upgrade-17_1 References https://attackerkb.com/topics/cve-2024-10979 CVE - 2024-10979
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。