Vulnerabilities with the components used along with pgAdmin 4.18

From: "Joel Mariadasan (jomariad)" <jomariad(at)cisco(dot)com>
To: "pgadmin-support(at)postgresql(dot)org" <pgadmin-support(at)postgresql(dot)org>
Subject: Vulnerabilities with the components used along with pgAdmin 4.18
Date: 2020-03-27 07:38:24
Message-ID: BN6PR11MB417886C83D9F089052882F12D7CC0@BN6PR11MB4178.namprd11.prod.outlook.com
Lists: pgadmin-support

Hi,

We are using pgAdmin 4 (version 4.18) that is bundled along with Postgres 12.

We notice that version 4.18 of pgAdmin packages the following components that have some open vulnerabilities.

Component  Version  Vulnerabilities
python     3.7.4    https://www.cvedetails.com/vulnerability-list/vendor_id-10210/Python.html
sqlite     3.28.0   https://www.cvedetails.com/vulnerability-list/vendor_id-9237/Sqlite.html
zlib       1.2.8    https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-1820/GNU-Zlib.html
curl       7.65.3   https://curl.haxx.se/docs/vuln-7.65.3.html
expat      2.2.7    https://www.cvedetails.com/vulnerability-list/vendor_id-12037/product_id-22545/Libexpat-Expat.html
openssl    1.1.1c   https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html
openssl    1.1.1d   https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html

We are using pgAdmin to administer our database in a customer environment.
We have the following queries:

1. Are there any open vulnerabilities with the above-mentioned component versions that we should be worried about?
2. Is there any roadmap to upgrade the above components used in the pgAdmin tool?

Joel Mariadasan
ENGINEER.SOFTWARE ENGINEERING
jomariad(at)cisco(dot)com
Mobile: +91 8197530175
Cisco Systems (India) Private Limited
Cessna Business Park, Kadubeesanahalli
Varthur Hobli, Sarjapur Marathalli ORR
Bangalore
Karnataka
560 103
India