Endpoint Vulnerability

CVE-2019-10208 postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

Description

A flaw was discovered in PostgreSQL where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function.

Affected Products

postgresql

References

CVE-2019-10208