SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING.

Version Information

Affected Version Fixed In Fix Published
11 11.1 2018-11-08
10 10.6 2018-11-08

For more information about PostgreSQL versioning, please visit the versioning page.

CVSS 3.0

Overall Score 8.8
Component core server
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reporting Security Vulnerabilities

If you wish to report a new security vulnerability in PostgreSQL, please send an email to

For reporting non-security bugs, please see the Report a Bug page.