Vulnerability	Vulnerable Version
C Remote Code Execution (RCE) pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Remote Code Execution (RCE) in the Cloud Deployment with Google Provider module, which is accessible via the `high_availability` parameter to the `/deploy` endpoint and in the Query Tool interface, which is accessible via the `query_commited` parameter to the `/download` endpoint. An attacker can execute arbitrary commands with the privileges of the application user. How to fix Remote Code Execution (RCE)? Upgrade `pgadmin4` to version 9.2 or higher.	[,9.2)
M Cross-site Scripting (XSS) pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the `measureText()` function, accessible via the Query Tool interface. An attacker can inject malicious scripts into the displayed output. How to fix Cross-site Scripting (XSS)? Upgrade `pgadmin4` to version 9.2 or higher.	[,9.2)

Remote Code Execution (RCE)

pgadmin4 is a PostgreSQL Tools

Affected versions of this package are vulnerable to Remote Code Execution (RCE) in the Cloud Deployment with Google Provider module, which is accessible via the high_availability parameter to the /deploy endpoint and in the Query Tool interface, which is accessible via the query_commited parameter to the /download endpoint. An attacker can execute arbitrary commands with the privileges of the application user.

How to fix Remote Code Execution (RCE)?

Upgrade pgadmin4 to version 9.2 or higher.

[,9.2)

Cross-site Scripting (XSS)

pgadmin4 is a PostgreSQL Tools

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the measureText() function, accessible via the Query Tool interface. An attacker can inject malicious scripts into the displayed output.

How to fix Cross-site Scripting (XSS)?

Upgrade pgadmin4 to version 9.2 or higher.

[,9.2)

Go back to all versions of this package