2 matches found
CVE-2023-22626
PgHero (Python/DB admin dashboard for PostgreSQL) prior to 3.1.0 contains a confidentiality flaw where the EXPLAIN path can leak query results via error messages. The root cause is information disclosure in error responses, which may expose database content or, in some cases, file contents on the...
CVE-2020-16253
CVE-2020-16253 affects the PgHero gem for Ruby up to version 2.6.0 and is a cross-site request forgery (CSRF) vulnerability. The available connected documents consistently describe a CSRF issue in PgHero, noting that Rails’ protect_from_forgery defaults to a non-session session (null_session) whi...