JVNDB-2025-000060
|
PgManage vulnerable to injection
|
PgManage, provided by Command Prompt, Inc., uses the RestrictedPython module.
The version of the RestrictedPython module imported into PgManage contains vulnerabilities, which are inherited by PgManage (CWE-477).
Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
The vendor had already updated PgManage to 1.3 when JPCERT/CC made contact.
Through further communication, we agreed on this JVN publication to notify users of the latest solution.
|
Command Prompt, Inc.
- PgManage versions prior to 1.3.1
|
A user of the affected product may escape a sandbox and execute arbitrary code.
|
[Update the Software]
Update PgManage to the latest version according to the information provided by the developer.
PgManage 1.3.1 updated the RestrictedPython module to version 8.0.
|
Command Prompt, Inc.
|
- No Mapping (CWE-Other) [IPA Evaluation]
|
- JVN : JVN#46919949
|
- [2025/08/18] Web page was published
|