CVE-2024-2044
CRITICALDescription
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
Is your site exposed to CVE-2024-2044?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| pgadmin | pgadmin_4 |
| fedoraproject | fedora |
References
Advisories & Patches
Exploits
Frequently Asked Questions
What is CVE-2024-2044? +
How severe is CVE-2024-2044? +
What products are affected by CVE-2024-2044? +
How do I check if I'm vulnerable to CVE-2024-2044? +
Related Vulnerabilities
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary …
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the …
In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for …
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as …
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the …