In PostgreSQL, a SQL injection vulnerability was found in the extension script if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
Software | From | Fixed in |
---|---|---|
postgresql / postgresql | 11.0 | 11.21 |
postgresql / postgresql | 15.0 | 15.4 |
postgresql / postgresql | 14.0 | 14.9 |
postgresql / postgresql | 13.0 | 13.12 |
postgresql / postgresql | 12.0 | 12.16 |
redhat / enterprise_linux | 8.0 | 8.0.x |
redhat / enterprise_linux | 9.0 | 9.0.x |
debian / debian_linux | 8.0 | 8.0.x |
debian / debian_linux | 11.0 | 11.0.x |
debian / debian_linux | 12.0 | 12.0.x |
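
To audit installed extension scripts for the pattern described above, the following added example (not code from this page or from the PostgreSQL project) reports each `@extowner@`, `@extschema@` or `@extschema:...@` marker that sits inside dollar quoting, `''` or `""`. The function name, the sample script and the `demo_*` identifiers are hypothetical; it assumes a well-formed script and does not handle nested block comments or backslash escapes in `E'...'` strings.

```python
import re

# Substitution markers named in the advisory text.
MARKER = re.compile(r"@extowner@|@extschema(?::\w+)?@")

# Comments and the three quoting constructs the advisory lists.
TOKEN = re.compile(r"""
    --[^\n]*                                   # line comment
  | /\*.*?\*/                                  # block comment (nesting not handled)
  | '(?P<single>(?:[^']|'')*)'                 # '...' with '' as the escape
  | "(?P<double>(?:[^"]|"")*)"                 # "..." with "" as the escape
  | (?P<tag>\$(?:[A-Za-z_]\w*)?\$)(?P<dollar>.*?)(?P=tag)   # $$...$$ or $tag$...$tag$
""", re.S | re.X)
LABELS = {"single": "single quotes", "double": "double quotes", "dollar": "dollar quoting"}


def find_quoted_markers(script):
    """Return (line_no, marker, construct) for each marker inside a quoting construct."""
    findings = []
    for tok in TOKEN.finditer(script):
        for name, label in LABELS.items():
            if tok.group(name) is None:
                continue  # this token is a comment or a different construct
            # Search only the quoted body; markers outside quotes are never visited.
            for hit in MARKER.finditer(script, tok.start(name), tok.end(name)):
                line_no = script.count("\n", 0, hit.start()) + 1
                findings.append((line_no, hit.group(), label))
    return findings


# Constructed extension script for illustration; every demo_* name is made up.
SAMPLE = '''\
CREATE FUNCTION @extschema@.safe_fn() RETURNS int LANGUAGE sql AS 'SELECT 1';
-- '@extschema@' in a comment is ignored
CREATE FUNCTION demo_ext_owner() RETURNS text LANGUAGE sql
  AS $body$ SELECT '@extowner@'::text $body$;
ALTER TABLE "@extschema@".demo_ext_tbl OWNER TO CURRENT_USER;
SELECT format('%I.t', '@extschema:demo_dep@');
'''

if __name__ == "__main__":
    for line_no, marker, construct in find_quoted_markers(SAMPLE):
        print(f"line {line_no}: {marker} inside {construct}")
```

A finding marks a script to review and to check against the fixed versions in the table; the unquoted `@extschema@.safe_fn` on line 1 of the sample is not reported.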