Lucene search

K
cvelistRedhatCVELIST:CVE-2020-14350
HistoryAug 24, 2020 - 12:42 p.m.

CVE-2020-14350

2020-08-2412:42:45
redhat
www.cve.org

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

CNA Affected

[
  {
    "product": "PostgreSQL",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23"
      }
    ]
  }
]