CVE-2019-10208

Updated: 2024-03-20 02:52:37.315338

Description:

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 6.5
CVSS Version 3.x HIGH 8.8

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 7 ELS postgresql 9.2.24 8.8 HIGH Already Fixed 2024-04-04 14:09:09