Packages

ash_postgres

v2.9.1

The PostgreSQL data layer for Ash Framework

HexDocs HexPreview

Current section

1 Advisory

Jump to

Readme 408 Versions 8 Dependencies 21 Dependants Activity 1 Advisory

GHSA-hf59-7rwq-785m CVE-2024-49756

In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

October 23, 2024

CVSS

5.3 / 10.0 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Versions

>= 2.0.0 and < 2.4.10

References

https://github.com/ash-project/ash_postgres/security/advisories/GHSA-hf59-7rwq-785m
https://nvd.nist.gov/vuln/detail/CVE-2024-49756
https://github.com/ash-project/ash_postgres/commit/1228fcd851f29a68609e236f7d6a2622a4b5c4ba
https://elixirforum.com/t/empty-update-action-with-policies/66954
https://gist.github.com/zachdaniel/e49166b765978c48dfaf998d06df436e
https://github.com/ash-project/ash_postgres

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

3 187

yesterday

2 342

last 7 days

14 274

all time

1 077 473

Last Updated

May 01, 2026

License

MIT

Build Tools

mix

Publisher

ash-project

Owners

ash-project

ash_postgres

Checksum

Dependency Config

Package Details

Links

Owners