A vulnerability involving insecure search_path settings allows unprivileged users to gain the SQL privileges of the owner of any SECURITY DEFINER function they are allowed to call. Securing such a function requires both a software update and changes to the function definition.
For more information about PostgreSQL versioning,
please visit the versioning page.
Reporting Security Vulnerabilities
If you wish to report a new security vulnerability in PostgreSQL, please
send an email to
For reporting non-security bugs, please see the Report a Bug page.