Re: Vulnerabilities with the components used along with pgAdmin 4.18 - Mailing list pgadmin-support

From Dave Page
Subject Re: Vulnerabilities with the components used along with pgAdmin 4.18
Date
Msg-id CA+OCxoyf-6+r14GmnmFkCN2=BRAJx1t+4eD+d2XWeMZBw3BHTQ@mail.gmail.com
In response to Vulnerabilities with the components used along with pgAdmin 4.18  ("Joel Mariadasan (jomariad)" <jomariad@cisco.com>)
List pgadmin-support
Hi

On Fri, Mar 27, 2020 at 11:02 AM Joel Mariadasan (jomariad) <jomariad@cisco.com> wrote:
Hi,

We are using pgAdmin 4 (version 4.18) that is bundled along with Postgres 12.

We notice that version 4.18 of pgAdmin packages the following components that have some open vulnerabilities.

Read as: component, version, vulnerabilities:

python   3.7.4    https://www.cvedetails.com/vulnerability-list/vendor_id-10210/Python.html
sqlite   3.28.0   https://www.cvedetails.com/vulnerability-list/vendor_id-9237/Sqlite.html
zlib     1.2.8    https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-1820/GNU-Zlib.html
curl     7.65.3   https://curl.haxx.se/docs/vuln-7.65.3.html
expat    2.2.7    https://www.cvedetails.com/vulnerability-list/vendor_id-12037/product_id-22545/Libexpat-Expat.html
openssl  1.1.1c   https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html
openssl  1.1.1d   https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html

We are using pgAdmin to administer our Database in a customer environment.

We have the following queries:

  1. Any open vulnerability with the above mentioned component versions that we should be worried about?

Please update to the latest release (4.20 as of today - PostgreSQL installer updates should come soon).

  2. Is there any roadmap to upgrade the above components used in the pgAdmin tool?

We continually audit bundled Python and JS components in pgAdmin, and regularly update the other components to the latest versions. Some may lag slightly behind if they're dependencies of other dependencies, e.g. some of those listed are part of the upstream Python release.

Joel Mariadasan

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company