Aiven Extras
cpe:2.3:a:aiven:aiven-extras:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aiven (55dae46f-23ce-5560-8065-cd68a0390f60) |
|---|---|
| Product | Aiven Extras (57dd648b-8822-5efe-8434-ec921c7c4eea) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-31480 | vulnerable | 2026-06-08 07:18:57.905780 | aiven-extras allows PostgreSQL Privilege Escalation through format function<br>CRITICAL (9.1)<br>aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version by issuing `ALTER EXTENSION aiven_extras UPDATE TO '1.1.16'` after installing it. This needs to happen in each database aiven_extras has been installed in.<br>Published: 2025-04-04T14:49:30.863Z<br>Updated: 2025-04-04T14:57:54.321Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-32305 | vulnerable | 2026-06-08 06:04:45.466134 | aiven-extras PostgreSQL Privilege Escalation Through Overloaded Search Path<br>HIGH (8.8)<br>aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions, and could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.<br>Published: 2023-05-12T18:46:55.995Z<br>Updated: 2025-02-13T16:50:30.580Z | Imported from gcve-enriched-dumps CVE data |