CVE-2019-10208
HIGH 8.8
EPSS 0.20%
postgresql-9.6 - security update
Published: 8/8/2019
Modified: 3/9/2026
Description
A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function.
Affected packages (6)
- Alpine/postgresql: from 0, < 11.5-r0
- Alpine/postgresql14: from 0, < 11.5-r0
- Alpine/postgresql15: from 0, < 11.5-r0
- Debian/postgresql-11: from 0, < 11.5-1+deb10u1
- Debian/postgresql-9.4: from 0, < 9.4.24-0+deb8u1
- Debian/postgresql-9.6: from 0, < 9.6.15-0+deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |