CVE-2024-10979
- Source
- https://cve.org/CVERecord?id=CVE-2024-10979
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10979.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-10979
- Aliases
- Downstream
- Related
- Published
- 2024-11-14T13:15:04.407Z
- Modified
- 2026-02-03T04:34:02.045155Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
- References
-
- https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md
- https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html
- https://www.postgresql.org/support/security/CVE-2024-10979/
- https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md
- https://security.netapp.com/advisory/ntap-20250110-0003/
- https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md
Affected packages
Git / git.postgresql.org/git/postgresql.git
Affected ranges
- Type
- GIT
- Repo
- https://git.postgresql.org/git/postgresql.git
- Events
-
Introduced2a7ce2e2ce474504a707ec03e128fde66cfb8b48Fixed0c53d54c812cea0d840490fd107910ed949e18c2Introducedad1f2885b8c82e0c2d56d7974f012cbecce17a17Fixed20a82026828536331ebe912b86f060078a173633Introduced29be9983a64c011eac0b9ee29895cce71e15ea77Fixed64ecc00908b7557afa911c15bb342ff06845bb19Introduced86a4dc1e6f29d1992a2afa3fac1a0b0a6e84568cFixed8abd1324049759c1cbd81a4793c470a4f43e1fdbIntroducedc372fbbd8e911f2412b80a8c39d7079366565d67Fixed8c9d34cdc4d213a57fa8b8a7197f7d6f22fca4c9Introducedd7ec59a63d745ba74fba0e280bbf85dc6d1caa3eFixed91f20bc2f7e4fcf5de5c65a6cb1190e0afa91c0b
Affected versions
Other
REL_12_0
REL_12_1
REL_12_10
REL_12_11
REL_12_12
REL_12_13
REL_12_14
REL_12_15
REL_12_16
REL_12_17
REL_12_18
REL_12_19
REL_12_2
REL_12_20
REL_12_3
REL_12_4
REL_12_5
REL_12_6
REL_12_7
REL_12_8
REL_12_9
REL_13_0
REL_13_1
REL_13_10
REL_13_11
REL_13_12
REL_13_13
REL_13_14
REL_13_15
REL_13_16
REL_13_2
REL_13_3
REL_13_4
REL_13_5
REL_13_6
REL_13_7
REL_13_8
REL_13_9
REL_14_0
REL_14_1
REL_14_10
REL_14_11
REL_14_12
REL_14_13
REL_14_2
REL_14_3
REL_14_4
REL_14_5
REL_14_6
REL_14_7
REL_14_8
REL_14_9
REL_15_0
REL_15_1
REL_15_2
REL_15_3
REL_15_4
REL_15_5
REL_15_6
REL_15_7
REL_15_8
REL_16_0
REL_16_1
REL_16_2
REL_16_3
REL_16_4
REL_17_0