CVE-2024-1713

Exploit

EPSS 0.07%
Veröffentlicht 14.03.2024 21:15:50
Zuletzt bearbeitet 23.01.2025 19:18:07
Quelle cve-coordination@google.com
CVE-Watchlists
Login
Unerledigt
Login

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Plv8 ≫ Plv8 Version3.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.222

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cve-coordination@google.com	7.2	1.3	5.3	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

CWE-394 Unexpected Status Code or Return Value

The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-1713

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1713

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1713

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-1713