Skip to main content

asyncpg

1 CVEs library

Monthly

CVE-2020-17446 PyPI CRITICAL PATCH Act Now

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PostgreSQL RCE Memory Corruption asyncpg Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PostgreSQL RCE Memory Corruption +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy