PT-2024-18244 · Plv8 · Plv8
Pedroga-G · Published 2024-03-14 · Updated 2025-01-23 · CVE-2024-1713
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions
plv8 version 3.2.1
Description
A user who can create objects in a database with plv8 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.
Recommendations
For plv8 version 3.2.1, consider restricting access to create objects in the database until a patch is available. As a temporary workaround, consider disabling the execution of deferred triggers during autovacuum to minimize the risk of exploitation.
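One way to scope the first recommendation, as an added example that is not part of the original advisory or the plv8 project: the queries below, run as a superuser in each database of the cluster, report whether plv8 is installed and which non-superuser roles can currently create objects there. The schema, database and role names in the commented REVOKE statements are placeholders.

```sql
-- Added audit example; run in every database of the cluster as a superuser.

-- 1. Is plv8 installed in this database, and at which version?
--    The advisory lists plv8 3.2.1 as affected.
SELECT extname, extversion
FROM pg_extension
WHERE extname = 'plv8';

-- 2. Non-superuser roles that hold CREATE on any user schema here,
--    i.e. roles that can create tables, functions and triggers.
--    has_schema_privilege() also counts privileges granted via PUBLIC
--    and via role membership, not only direct grants.
SELECT r.rolname,
       n.nspname AS schema_name,
       r.rolcanlogin
FROM pg_roles AS r
CROSS JOIN pg_namespace AS n
WHERE NOT r.rolsuper
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY r.rolname, n.nspname;

-- 3. Non-superuser roles that can create new schemas in this database
--    (and would then own them, with CREATE inside them).
SELECT r.rolname, r.rolcanlogin
FROM pg_roles AS r
WHERE NOT r.rolsuper
  AND has_database_privilege(r.oid, current_database(), 'CREATE')
ORDER BY r.rolname;

-- 4. Restrict access until a patched plv8 is deployed. Placeholders:
--    replace example_schema, example_db and example_role with the
--    names reported by queries 2 and 3.
-- REVOKE CREATE ON SCHEMA public FROM PUBLIC;
-- REVOKE CREATE ON SCHEMA example_schema FROM example_role;
-- REVOKE CREATE ON DATABASE example_db FROM example_role;
```

A role that still appears in query 2 or 3 after a REVOKE holds the privilege through membership in another role or through ownership of the schema or database.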
Improper Check for Exceptional Conditions
Affected Products
Plv8