Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Write when Extracting Tarballs in greenplum-db
Vulnerability Description
Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Greenplum Database 路径遍历漏洞
Vulnerability Description
Greenplum Database是一个基于 PostgreSql 的高级、功能齐全的开源数据仓库。用于分析大规模并行 PostgreSql。 Greenplum Database(GPDB) 6.22.3之前版本存在路径遍历漏洞,该漏洞源于存在任意文件写入的路径遍历,攻击者可以利用此漏洞覆盖数据或系统文件以及导致系统崩溃或故障。
CVSS Information
N/A
Vulnerability Type
N/A