SUSE-SU-2024:3771-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20243771-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3771-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:3771-1
Published
2024-10-29T12:55:34Z
Modified
2024-10-29T12:55:34Z
Summary
Security update for pgadmin4
Details

This update for pgadmin4 fixes the following issues:

  • CVE-2024-38355: Fixed socket.io: unhandled 'error' event (bsc#1226967)
  • CVE-2024-38998: Fixed requirejs: prototype pollution via function config (bsc#1227248)
  • CVE-2024-38999: Fixed requirejs: prototype pollution via function s.contexts._.configure (bsc#1227252)
  • CVE-2024-39338: Fixed axios: server-side request forgery due to requests for path relative URLs being processed as protocol relative URLs in axios (bsc#1229423)
  • CVE-2024-4067: Fixed micromatch: vulnerable to Regular Expression Denial of Service (ReDoS) (bsc#1224366)
  • CVE-2024-4068: Fixed braces: fails to limit the number of characters it can handle, which could lead to Memory Exhaustion (bsc#1224295)
  • CVE-2024-43788: Fixed webpack: DOM clobbering gadget in AutoPublicPathRuntimeModule could lead to XSS (bsc#1229861)
  • CVE-2024-48948: Fixed elliptic: ECDSA signature verification error due to leading zero may reject legitimate transactions in elliptic (bsc#1231684)
  • CVE-2024-48949: Fixed elliptic: Missing Validation in Elliptic's EDDSA Signature Verification (bsc#1231564)
  • CVE-2024-9014: Fixed OAuth2 issue that could lead to information leak (bsc#1230928)

Affected packages

SUSE:Linux Enterprise Module for Python 3 15 SP6 / pgadmin4

Package

Name
pgadmin4
Purl
purl:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8.5-150600.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "pgadmin4": "8.5-150600.3.6.1",
            "pgadmin4-doc": "8.5-150600.3.6.1",
            "system-user-pgadmin": "8.5-150600.3.6.1"
        }
    ]
}

openSUSE:Leap 15.6 / pgadmin4

Package

Name
pgadmin4
Purl
purl:rpm/suse/pgadmin4&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8.5-150600.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "pgadmin4": "8.5-150600.3.6.1",
            "pgadmin4-cloud": "8.5-150600.3.6.1",
            "pgadmin4-doc": "8.5-150600.3.6.1",
            "system-user-pgadmin": "8.5-150600.3.6.1",
            "pgadmin4-web-uwsgi": "8.5-150600.3.6.1",
            "pgadmin4-desktop": "8.5-150600.3.6.1"
        }
    ]
}