search_path setting determines schemas searched for tables,
functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize
search_path, but logical replication continued to leave
search_path unchanged. Users of a replication publisher or subscriber database can create objects in the
public schema and harness them to execute arbitrary SQL functions under the identity running replication, often a superuser. Installations having adopted a documented secure schema usage pattern are not vulnerable.
The PostgreSQL project thanks Noah Misch for reporting this problem.
|Affected Version||Fixed In||Fix Published|
If you wish to report a new security vulnerability in PostgreSQL, please send an email to email@example.com.
For reporting non-security bugs, please see the Report a Bug page.