On 4/18/24 11:27 AM, Mathews, Rob wrote:
> All,
>
> CVE-2024-28849 was found in Version 15.6 and 16.2 this week. Please
> refer to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849
> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849> for
> issues and corrections.
>
> The Binaries .zip files were the files scanned and found with the
> vulnerability. There are no known workarounds for this vulnerability.
PostgreSQL doesn't have any dependencies on node.js, let alone
JavaScript. This CVE doesn't apply to PostgreSQL.
If you are using a package to install PostgreSQL (as it sounds like you
are), you'll need to reach out to the package maintainers.
Jonathan