CVE-2019-10208
HIGH 8.8 · EPSS 0.20% · postgresql-9.4 - security update
Published: 2019/8/8 · Modified: 2026/3/9
Also known as: ALPINE-CVE-2019-10208, DEBIAN-CVE-2019-10208, DLA-1874-1
Description
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
Affected packages (6)
- Alpine/postgresql: from 0, < 11.5-r0
- Alpine/postgresql14: from 0, < 11.5-r0
- Alpine/postgresql15: from 0, < 11.5-r0
- Debian/postgresql-11: from 0, < 11.5-1+deb10u1
- Debian/postgresql-9.4: from 0, < 9.4.24-0+deb8u1
- Debian/postgresql-9.6: from 0, < 9.6.15-0+deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |