0 like 0 dislike
asked in PostgreSQL Database Forum by (13.4k points)  
A flaw was discovered in PostgreSQL where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

As part of exploiting this vulnerability, the attacker uses CREATE DOMAIN to create a type in a pg_temp schema. The attack pattern

Please log in or register to answer this question.

1 Answer

0 like 0 dislike
answered by (13.4k points)  

This issue is fixed by upgrading to below mentioned point releases and restarting your PostgreSQL server.

Below are the new point releases to fix the vulnerability.

 PostgreSQL version 9.6.15

PostgreSQL version 10.10

PostgreSQL version 11.5

Related questions

0 like 0 dislike
1 answer