KLA11347
SB vulnerability in PostgreSQL
Updated: 06/26/2019
Detect date
11/08/2018
Severity
High
Description

SQL injection vulnerability in PostgreSQL. Malicious users can exploit this vulnerability to bypass security restrictions by running arbitrary SQL statements with superuser privileges when a superuser runs pg_upgrade on the database or during a pg_dump dump/restore cycle.

Affected products

PostgreSQL 10.x earlier than 10.6
PostgreSQL 11.x earlier than 11.1

Solution

Update to the latest version
Download PostgreSQL

Original advisories

PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 Released!

Impacts
SB
CVE-IDS