[GHSA-g73c-fw68-pwx3] pgAdmin 4 Vulnerable to Remote Code Execution #5439

Closed

@py0zz1 py0zz1 commented Apr 4, 2025

Updates

  • References

Comments
reference link

@github-actions github-actions bot changed the base branch from main to py0zz1/advisory-improvement-5439 April 4, 2025 18:49

@ghost ghost left a comment

copyrhgt notis andres miranda

@py0zz1
Author

py0zz1 commented Apr 4, 2025

copyrhgt notis andres miranda

I understood it to mean to notify the copyright. What can I do?

@shelbyc
Contributor

shelbyc commented Apr 4, 2025

Hi @py0zz1, I'm not sure what @andresM80 is talking about.

With respect to the reference link https://gist.github.com/py0zz1/a81c0e3222dac3772bf44ae5eb8cfd1e, I recommend that you email cna@postgresql.org to ask to have the link added to the CVE record. cna@postgresql.org is the email for PostgreSQL, the CNA that assigned CVE-2025-2945 to the vulnerability. That will lead to the reference link being available in the most upstream resource possible and will lead to GitHub ingesting the new reference link when the CVE record is updated.

@py0zz1
Author

py0zz1 commented Apr 5, 2025

@shelbyc Oh, I understand. Thank you for explaining it in detail.

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions bot added the Stale label Apr 21, 2025
@github-actions github-actions bot closed this May 7, 2025
2 participants