Описание
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | postgresql | Not affected | ||
| CloudForms Management Engine 5 | postgresql92-postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Not affected | ||
| Red Hat Enterprise Linux 6 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 7 | postgresql | Not affected | ||
| Red Hat Satellite 5.7 | postgresql92-postgresql | Not affected | ||
| Red Hat Software Collections | postgresql92-postgresql | Not affected | ||
| Red Hat Software Collections | rh-postgresql94-postgresql | Not affected | ||
| Red Hat Software Collections | rh-postgresql95-postgresql | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
7.6 High
CVSS2
Связанные уязвимости
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
Уязвимость системы управления базами данных PostgreSQL, связанная с загрузкой кода без проверки его целостности, позволяющая нарушителю выполнить произвольный код
EPSS
7.5 High
CVSS3
7.6 High
CVSS2