MEDIUM 6.5

GHSA-9crj-hpxh-f6qg

pgAdmin 4 vulnerable to directory traversal

Details

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pgadmin4

Introduced in: 0 Fixed in: 6.19

Fix pip install --upgrade 'pgadmin4>=6.19'

References

https://nvd.nist.gov/vuln/detail/CVE-2023-0241 [ADVISORY]
https://github.com/pgadmin-org/pgadmin4/issues/5734 [WEB]
https://github.com/akshay-joshi/pgadmin4/commit/64d7289c5b3831137b17bb4c5022ef4f63d2ef42 [WEB]
https://github.com/pgadmin-org [WEB]
https://jvn.jp/en/jp/JVN01398015 [WEB]