Closed
Description
File ~/.config/coderv2/postgres/bin/bin/postgres version 13.11 is vulnerable to CVE-2023-39417, which exists in versions >= 13.0, < 13.12.
The vulnerability was found in the National Vulnerability Database (NVD) based on the CPE cpe:2.3:a:postgresql:postgresql with NVD severity: High.
The file is associated with the technology PostgreSQL.
The vulnerability can be remediated by updating PostgreSQL to 13.12 or higher.
Looks like the cause is the Go package which creates the embedded server:
Line 37 in 70ccefc
I have opened a pull request to patch this:
fergusstrange/embedded-postgres#131