Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-31131

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.

Published

2023-05-15T22:15:12.273

Last Modified

2024-11-21T08:01:27.343

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	greenplum_database	< 6.22.3	Yes

References

https://github.com/greenplum-db/gpdb/commit/1ec4affbba7c9745f64edbd80a6680ad29b09471 Patch ([email protected])
https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hgm9-2q42-c7f3 Vendor Advisory ([email protected])
https://github.com/greenplum-db/gpdb/commit/1ec4affbba7c9745f64edbd80a6680ad29b09471 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hgm9-2q42-c7f3 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)