Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-05-15T21:05:49.873Z
Updated: 2023-05-15T21:05:49.873Z
Reserved: 2023-04-24T21:44:10.416Z
Link: CVE-2023-31131
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-15T22:15:12.273
Modified: 2023-05-25T17:06:11.477
Link: CVE-2023-31131
JSON object: View
Redhat Information
No data.
CWE