vulnerability

Oracle Linux: CVE-2024-10979: ELSA-2024-10785: postgresql:12 security update (IMPORTANT) (Multiple Advisories)

Try Surface Command
Back to search
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Nov 14, 2024
Added
Dec 5, 2024
Modified
Jul 16, 2025

Description

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables.

Solutions

oracle-linux-upgrade-pgauditoracle-linux-upgrade-pg-repackoracle-linux-upgrade-pgvectororacle-linux-upgrade-postgres-decoderbufsoracle-linux-upgrade-postgresqloracle-linux-upgrade-postgresql-contriboracle-linux-upgrade-postgresql-develoracle-linux-upgrade-postgresql-docsoracle-linux-upgrade-postgresql-libsoracle-linux-upgrade-postgresql-plperloracle-linux-upgrade-postgresql-plpythonoracle-linux-upgrade-postgresql-plpython3oracle-linux-upgrade-postgresql-pltcloracle-linux-upgrade-postgresql-private-develoracle-linux-upgrade-postgresql-private-libsoracle-linux-upgrade-postgresql-serveroracle-linux-upgrade-postgresql-server-develoracle-linux-upgrade-postgresql-staticoracle-linux-upgrade-postgresql-testoracle-linux-upgrade-postgresql-test-rpm-macrosoracle-linux-upgrade-postgresql-upgradeoracle-linux-upgrade-postgresql-upgrade-devel

References

    Title
    NEW

    Explore Exposure Command

    Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

    Try it today