3 matches found
Security Bulletin: CVE-2023-39417: Extension script @substitutions@ within quoting allow SQL injection
Summary An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack...
Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is ...
Vulnerability in core server (CVE-2023-39417)
Extension script @substitutions@ within quoting allow SQL injection An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation examp...