Description

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Remediation

References

CVE-2023-39418

Related Vulnerabilities

WordPress Plugin Advanced Database Cleaner SQL Injection (3.0.1)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-30599)

Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-1999-0874)

WordPress Other Vulnerability (CVE-2007-3240)

SharePoint Resource Management Errors Vulnerability (CVE-2008-3006)

Severity

Medium

Classification

CVE-2023-39418 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities