Описание
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 10.14-0ubuntu0.18.04.1 |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 10.14-0ubuntu0.18.04.1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 10.14 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 12.4-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | 12.4-0ubuntu0.20.04.1 |
| focal | released | 12.4-0ubuntu0.20.04.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 12.4-1 |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| precise/esm | not-affected | code not present |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | code not present |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | code not present |
| focal | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 9.5.23 |
Показывать по
EPSS
4.6 Medium
CVSS2
7.1 High
CVSS3
Связанные уязвимости
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
It was found that PostgreSQL versions before 12.4, before 11.9 and bef ...
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
EPSS
4.6 Medium
CVSS2
7.1 High
CVSS3