Search for packages
| purl | pkg:generic/postgresql@14.13.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1yyd-u1nn-aaaj | Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. |
CVE-2024-7348
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-25T18:29:46.231007+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 36.1.3 |
| 2025-06-04T05:59:06.564295+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 36.1.0 |
| 2025-06-02T20:35:49.650021+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 36.1.2 |
| 2025-03-28T07:42:15.719340+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 36.0.0 |
| 2024-11-18T17:45:34.198548+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 34.3.2 |
| 2024-09-18T01:54:06.796667+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 34.0.1 |
| 2024-08-08T18:01:24.586759+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 34.0.0rc4 |