MEDIUM 6.5

GHSA-m9hc-vxjj-4x6q

PGHoard Path Traversal vulnerability

Details

A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pghoard

Introduced in: 0 Fixed in: 2.6.1-rc

Fix pip install --upgrade 'pghoard>=2.6.1-rc'

References

https://github.com/Aiven-Open/pghoard/security/advisories/GHSA-m9hc-vxjj-4x6q [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2024-56142 [ADVISORY]
https://github.com/Aiven-Open/pghoard/commit/fe9947642cc73bcacf6d19b93eb98f442223fb47 [WEB]
https://github.com/Aiven-Open/pghoard [PACKAGE]