2 matches found
Inclusion of Functionality from Untrusted Control Sphere
Overview Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere when restoring from a plain-text dump file. An attacker can embed malicious psql meta-commands into dump files generated by pgdump --format=plain, pgdumpall, or pgrestore --file...
Exposure of Sensitive Information Through Metadata
Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata via optimizer statistics. An attacker can access sensitive sampled data by querying views, partitions, or child tables by crafting a leaky operator that bypasses view access control lis...