Security Advisory

CVE-2019-10208

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-10-29 13:13:12

Last updated 2024-08-04 22:17:18

Assigner redhat

State PUBLISHED

Description

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

← Browse all CVEs View on cve.org ↗