Fixed a remote code execution issue in the Query Tool and Cloud Deployment (CVE-2025-2945). #8603
parent
1305d9910b
commit
75be0bc22d
|
|
@ -50,3 +50,4 @@ Bug fixes
|
|||
| `Issue #8577 <https://github.com/pgadmin-org/pgadmin4/issues/8577>`_ - Fixed an issue where the upgrade_check API returned an unexpected keyword argument 'cafile' due to changes in the urllib package supporting Python v3.13.
|
||||
| `Issue #8597 <https://github.com/pgadmin-org/pgadmin4/issues/8597>`_ - Fixed an issue where delete/rename was done on wrong file after sorting in Storage Manager.
|
||||
| `Issue #8602 <https://github.com/pgadmin-org/pgadmin4/issues/8602>`_ - Fixed an XSS vulnerability issue in the Query Tool and View/Edit Data (CVE-2025-2946).
|
||||
| `Issue #8603 <https://github.com/pgadmin-org/pgadmin4/issues/8603>`_ - Fixed a remote code execution issue in the Query Tool and Cloud Deployment (CVE-2025-2945).
|
||||
|
|
@ -136,8 +136,12 @@ class GoogleProvider(AbsProvider):
|
|||
credentials = self._get_credentials(self._scopes)
|
||||
service = discovery.build('sqladmin', 'v1beta4',
|
||||
credentials=credentials)
|
||||
high_availability = \
|
||||
'REGIONAL' if eval(args.high_availability) else 'ZONAL'
|
||||
|
||||
_high_availability = args.high_availability.lower() in (
|
||||
'true', '1') if isinstance(args.high_availability, str
|
||||
) else args.high_availability
|
||||
|
||||
high_availability = 'REGIONAL' if _high_availability else 'ZONAL'
|
||||
|
||||
db_password = self._database_password \
|
||||
if self._database_password is not None else args.db_password
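Review bot: The replacement for `eval(args.high_availability)` treats every string other than 'true' or '1' as false, so a value such as 'yes', ' true ' or a typo silently selects 'ZONAL' instead of being rejected. For a deployment setting that is a quiet downgrade. Consider normalising with `v = args.high_availability.strip().lower()` and then rejecting unknown spellings, e.g. `if v not in ('true', '1', 'false', '0'): raise ValueError('invalid high_availability value')`. The same inline expression is repeated in the `start_query_download_tool` hunk, so one small shared helper would keep the two parsers from drifting apart. The enclosing method starts and ends outside the hunk, so how an error would be reported to the caller is not visible here.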
|
||||
|
|
|
|||
|
|
@ -2156,7 +2156,8 @@ def start_query_download_tool(trans_id):
|
|||
sql = value
|
||||
if key == 'query_commited':
|
||||
query_commited = (
|
||||
eval(value) if isinstance(value, str) else value
|
||||
value.lower() in ('true', '1') if isinstance(
|
||||
value, str) else value
|
||||
)
|
||||
if not sql:
|
||||
sql = trans_obj.get_sql(sync_conn)
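Review bot: The `else value` branch of the new `query_commited` expression passes any non-string value through unchanged, so the result is not guaranteed to be a bool. The loop that supplies `key` and `value` lies outside the hunk; if they come from request data, a number, list or object would reach the later code as-is and be judged only by truthiness. Pinning the type closes that gap, e.g. `value.lower() in ('true', '1') if isinstance(value, str) else value is True`. A short comment above it, such as `# Parse the flag by comparison; request data must never be evaluated.`, would record why `eval` was removed and discourage its return.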
|
||||
|
|
|
|||