CVE-2023-31131

Name of the Vulnerable Software and Affected Versions Greenplum Database versions prior to 6.22.3

Description The issue is related to the Greenplum Database using unsafe methods to extract tar files within GPPKGs, leading to path traversal and arbitrary file writes. An attacker can exploit this to overwrite data or system files, potentially causing a system crash or malfunction. Any files accessible to the running process are at risk.

Recommendations For Greenplum Database versions prior to 6.22.3, upgrade to Greenplum Database version 6.23.2 or higher. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation. Note that there are no known workarounds for this issue other than upgrading to a patched version.