JVN#46919949
PgManage vulnerable to injection
Overview
PgManage provided by Command Prompt, Inc. contains an injection vulnerability.
Products Affected
- PgManage versions prior to 1.3.1
Description
PgManage provided by Command Prompt, Inc. uses the RestrictedPython module.
The version of the RestrictedPython module imported by PgManage contains vulnerabilities, which PgManage inherits (CWE-477).
Impact
A user of the affected product may escape a sandbox and execute arbitrary code.
Solution
Update the Software
Update PgManage to the latest version according to the information provided by the developer.
PgManage 1.3.1 updated RestrictedPython module to version 8.0.
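One way to check an environment for the outdated dependency, as an added example that is not part of the advisory or of PgManage's code: it scans `pip freeze` output or a requirements file for RestrictedPython pins below 8.0, the version named above. The sample lines are constructed, and that a given deployment lists its dependencies in this form is an assumption.

```python
import re

FIXED = (8, 0)  # RestrictedPython version the advisory says PgManage 1.3.1 uses

def parse_version(text):
    """Leading numeric release as a tuple padded to two parts: '8' -> (8, 0).
    Pre-release and post-release suffixes are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * max(0, len(FIXED) - len(parts))

def find_old_restrictedpython(lines):
    """Return (line_no, version) for each RestrictedPython entry below FIXED.
    Entries without an exact pin are reported with version None so they are
    reviewed by hand instead of being silently treated as safe."""
    findings = []
    for no, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)", line)
        if not m or m.group(1).lower() != "restrictedpython":
            continue                                 # blank, option or other package
        spec = m.group(3).split(";", 1)[0].strip()   # drop environment markers
        pin = re.match(r"===?\s*(\S+)", spec)        # only '==' / '===' pins
        version = parse_version(pin.group(1)) if pin else None
        if version is None or version < FIXED:
            findings.append((no, version))
    return findings

# Constructed sample input, not PgManage's real dependency list.
SAMPLE = """\
# constructed sample
Django==4.2.11
RestrictedPython==7.1
restrictedpython >= 6.0
RestrictedPython==8.0  # version named in the advisory
""".splitlines()

if __name__ == "__main__":
    for no, version in find_old_restrictedpython(SAMPLE):
        shown = ".".join(map(str, version)) if version else "no exact pin"
        print(f"line {no}: RestrictedPython {shown} (advisory names {FIXED[0]}.{FIXED[1]})")
```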
Vendor Status
Vendor | Link |
Command Prompt, Inc. | Release 1.3.1 commandprompt/pgmanage |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
The vendor had already updated PgManage to 1.3 when JPCERT/CC contacted them.
Through further communication, we agreed to publish this JVN advisory to notify users of the latest solution.
Other Information
JVN iPedia | JVNDB-2025-000060 |