CVE-2020-14349

Uncontrolled search path element in logical replication

The PostgreSQL search_path setting determines schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize search_path, but logical replication continued to leave search_path unchanged. Users of a replication publisher or subscriber database can create objects in the public schema and harness them to execute arbitrary SQL functions under the identity running replication, often a superuser. Installations having adopted a documented secure schema usage pattern are not vulnerable.
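The following SQL is an added example for this advisory, not code from the PostgreSQL project: it shows how a defender checks whether a database still matches the vulnerable configuration (ordinary users able to create objects in public) and how to apply the documented secure schema usage pattern. The role name replication_user and the schema name app are placeholders; the REVOKE is the documented pattern, while pinning the replication role's search_path is assumed here as an extra defence-in-depth step, not a substitute for upgrading to a fixed release.

```sql
-- Added example (not part of the advisory). Placeholders: replication_user, app.

-- 1. Check: does the PUBLIC pseudo-role still hold CREATE on schema public?
--    A row with grantee PUBLIC means any database user can plant objects
--    there that an unsanitized search_path would resolve first.
SELECT CASE a.grantee WHEN 0 THEN 'PUBLIC'
                      ELSE pg_get_userbyid(a.grantee) END AS grantee,
       a.privilege_type
FROM pg_namespace n, aclexplode(n.nspacl) a
WHERE n.nspname = 'public' AND a.privilege_type = 'CREATE';

-- 2. Check: functions and operators already in public that a non-superuser
--    owns. These are the objects worth reviewing after a suspected abuse,
--    because a replication worker resolving names via public would find
--    them ahead of the pg_catalog versions.
SELECT n.nspname AS schema, p.proname AS object, 'function' AS kind, r.rolname AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles r     ON r.oid = p.proowner
WHERE n.nspname = 'public' AND NOT r.rolsuper
UNION ALL
SELECT n.nspname, o.oprname, 'operator', r.rolname
FROM pg_operator o
JOIN pg_namespace n ON n.oid = o.oprnamespace
JOIN pg_roles r     ON r.oid = o.oprowner
WHERE n.nspname = 'public' AND NOT r.rolsuper;

-- 3. Mitigation: the documented secure schema usage pattern. After this,
--    only the schema owner and superusers can create objects in public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 4. Defence in depth (assumed, not from the advisory): give the role used
--    for replication a search_path that never consults a schema other
--    users can write to.
ALTER ROLE replication_user SET search_path = pg_catalog, app;
```

Run the two checks as a superuser on both publisher and subscriber databases; the REVOKE must be applied in every database of the cluster, since schema public exists separately in each one.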

The PostgreSQL project thanks Noah Misch for reporting this problem.

Version Information

Affected Version   Fixed In   Fix Published
12                 12.4       2020-08-13
11                 11.9       2020-08-13
10                 10.14      2020-08-13

For more information about PostgreSQL versioning, please visit the versioning page.

CVSS 3.0

Overall Score   7.5
Component       core server
Vector          AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Reporting Security Vulnerabilities

If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.

For reporting non-security bugs, please see the Report a Bug page.