PT-2025-12998 · Appsmith · Appsmith

Published: 2025-03-26 · Updated: 2026-03-09 · CVE-2024-55964

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Appsmith versions prior to 1.52

Description
An issue was discovered in Appsmith where an incorrectly configured PostgreSQL instance bundled in the Appsmith image leads to remote command execution inside the Appsmith Docker container. To exploit it, an attacker must be able to reach Appsmith, log in, create a datasource, create a query against that datasource, and execute that query. Note that this prerequisite means exploitation needs an authenticated Appsmith account with permission to create datasources and queries, which is worth keeping in mind when reading the PR:N component of the vector above.

Recommendations
Update to version 1.52 or later. As a temporary workaround, restrict access to the PostgreSQL instance and limit which users can create and execute queries within Appsmith.
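The following is an added example, not part of this advisory and not Appsmith's own code. It turns the two actionable facts above into checks a defender can run against an inventory: whether an Appsmith version string falls below 1.52 (the first fixed release the advisory names), and whether a bundled PostgreSQL instance's pg_hba.conf still permits `trust` authentication. The advisory does not say what the misconfiguration actually is, so the pg_hba check is an assumption about a reasonable thing to audit when "restricting access to the PostgreSQL instance", not a statement of the root cause. The sample pg_hba.conf content is constructed for the example.

```python
"""Checks derived from advisory PT-2025-12998 / CVE-2024-55964 (Appsmith < 1.52).

Added example; not the advisory's or Appsmith's own code.
"""
import re

# From the advisory: 1.52 and later are fixed.
FIXED_VERSION = (1, 52)

# Constructed sample pg_hba.conf for the example; not taken from the Appsmith image.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 trust
host    all       all   127.0.0.1/32  trust
host    all       all   ::1/128       scram-sha-256
"""


def parse_version(version: str) -> tuple:
    """Parse a version string such as 'v1.51.0-SNAPSHOT' or '1.52' into a tuple of ints.

    Trailing pre-release or build suffixes are ignored; only the numeric
    dotted prefix is compared.
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True when the version is below 1.52, i.e. in the range the advisory lists as affected.

    Tuple comparison treats '1.52' and '1.52.0' as equal enough: (1, 52) is not
    less than (1, 52), and (1, 52, 1) is greater than (1, 52).
    """
    return parse_version(version) < FIXED_VERSION


def trust_rules(pg_hba_text: str) -> list:
    """Return the non-comment pg_hba.conf rules whose METHOD column is 'trust'.

    pg_hba.conf columns are: TYPE DATABASE USER [ADDRESS] METHOD [OPTIONS].
    'local' rules have no ADDRESS column, so METHOD is the fourth field for
    them and the fifth for host/hostssl/hostnossl rules. Assumption: this is
    the kind of rule a hardening review of the bundled instance should flag.
    """
    found = []
    for line in pg_hba_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = stripped.split()
        method_index = 3 if fields[0] == "local" else 4
        if len(fields) > method_index and fields[method_index] == "trust":
            found.append(stripped)
    return found


if __name__ == "__main__":
    for v in ("v1.51.2", "1.52", "1.53.0"):
        state = "AFFECTED (< 1.52)" if is_affected(v) else "not affected"
        print(f"Appsmith {v}: {state}")
    for rule in trust_rules(SAMPLE_PG_HBA):
        print(f"pg_hba.conf rule uses trust authentication: {rule}")
```

Point `is_affected` at whatever source of truth you have for the deployed Appsmith version, and feed `trust_rules` the pg_hba.conf from inside the container; a hit on either is a reason to apply the update or the workaround above.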

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

BIT-APPSMITH-2024-55964
CVE-2024-55964
GHSA-M95X-4W54-GC83

Affected Products

Appsmith