It was found that PostgreSQL versions prior to 12.4, prior to 11.9 and prior to 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw, in an attack similar to CVE-2018-1058, to execute arbitrary SQL commands in the context of the user used for replication.
Vulnerable Product |
---|
postgresql postgresql |
opensuse leap 15.1 |
opensuse leap 15.2 |
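An exposure check for the flaw described above, added here as an example and not taken from the advisory or the PostgreSQL project: it reports whether the server falls in the affected version ranges, which roles take part in replication, and which schemas login roles can create objects in. It assumes the "user used for replication" is a subscription owner on a subscriber or a role with the REPLICATION attribute on a publisher, and that schemas writable by ordinary roles are the relevant exposure, as in CVE-2018-1058.

```sql
-- 1. Is this server in one of the affected ranges named in the advisory?
--    server_version_num is major*10000 + minor from PostgreSQL 10 onward,
--    so 12.4 = 120004, 11.9 = 110009, 10.14 = 100014.
SELECT v AS server_version_num,
       (v BETWEEN 100000 AND 100013)
    OR (v BETWEEN 110000 AND 110008)
    OR (v BETWEEN 120000 AND 120003) AS in_affected_range
FROM (SELECT current_setting('server_version_num')::int AS v) AS s;

-- 2. Roles whose context replication runs in (assumption: subscription
--    owners on a subscriber, REPLICATION roles on a publisher).
SELECT r.rolname,
       r.rolsuper,
       r.rolreplication,
       EXISTS (SELECT 1 FROM pg_subscription s
               WHERE s.subowner = r.oid) AS owns_subscription
FROM pg_roles r
WHERE r.rolreplication
   OR EXISTS (SELECT 1 FROM pg_subscription s WHERE s.subowner = r.oid)
ORDER BY r.rolname;

-- 3. Schemas in the current database where a non-superuser login role can
--    create objects. has_schema_privilege() accounts for grants to PUBLIC
--    and for inherited role membership. Any row here is a schema that
--    should not appear on the search_path of a role listed by query 2.
SELECT n.nspname AS schema_name,
       r.rolname AS role_with_create
FROM pg_namespace n
CROSS JOIN pg_roles r
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY n.nspname, r.rolname;
```

Run it in each database that has a publication or subscription, since pg_namespace and schema privileges are per database.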