WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL CVE-2023-39418 Vulnerability (CVE-2023-39418)

Description

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Remediation

References

Related Vulnerabilities

LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-48008)

WordPress Plugin WP-UserOnline Cross-Site Scripting (2.87.6)

DataTables Prototype Pollution Vulnerability (CVE-2020-28458)

WordPress Plugin WP-DBManager Multiple Vulnerabilities (2.71)

Elgg Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3733)

Severity

Medium

Classification

CVE-2023-39418 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities