A flaw was discovered in postgresql where arbitrary SQL...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Oct 29, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Apr 4, 2024
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
References