CVE-2024-56142: PGHoard Path Traversal vulnerability

December 17, 2024 (updated December 18, 2024)

A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information.

References

github.com/Aiven-Open/pghoard
github.com/Aiven-Open/pghoard/commit/fe9947642cc73bcacf6d19b93eb98f442223fb47
github.com/Aiven-Open/pghoard/security/advisories/GHSA-m9hc-vxjj-4x6q
github.com/advisories/GHSA-m9hc-vxjj-4x6q
nvd.nist.gov/vuln/detail/CVE-2024-56142

Detect and mitigate CVE-2024-56142 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →