{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3576?format=json","vulnerability_id":"VCID-u5h4-4p6j-wbay","summary":"Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (below).more details","aliases":[{"alias":"CVE-2009-4136"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85361?format=json","purl":"pkg:ebuild/dev-db/postgresql-base@8.3.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-base@8.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/85362?format=json","purl":"pkg:ebuild/dev-db/postgresql-base@8.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-base@8.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/85363?format=json","purl":"pkg:ebuild/dev-db/postgresql-base@9.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-base@9.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/85357?format=json","purl":"pkg:ebuild/dev-db/postgresql-server@8.3.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-server@8.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/85358?format=json","purl":"pkg:ebuild/dev-db/postgresql-server@8.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-server@8.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/85359?format=json","purl":"pkg:ebuild/dev-db/postgresql-server@9.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-server@9.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/354?format=json","purl":"pkg:generic/postgresql@7.4.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@7.4.27"},{"url":"http://public2.vulnerablecode.io/api/packages/353?format=json","purl":"pkg:generic/postgresql@8.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.0.23"},{"url":"http://public2.vulnerablecode.io/api/packages/352?format=json","purl":"pkg:generic/postgresql@8.1.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/351?format=json","purl":"pkg:generic/postgresql@8.2.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.2.15"},{"url":"http://public2.vulnerablecode.io/api/packages/350?format=json","purl":"pkg:generic/postgresql@8.3.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/349?format=json","purl":"pkg:generic/postgresql@8.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.4.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85355?format=json","purl":"pkg:ebuild/dev-db/postgresql@9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsp-wvwq-j3f5"},{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-666x-ret3-xufr"},{"vulnerability":"VCID-6dmy-t1qp-nuf3"},{"vulnerability":"VCID-6vh2-2sja-xba9"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7ev2-5qge-uubs"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-s8a2-wbb4-dyda"},{"vulnerability":"VCID-sxmd-5tzu-hkav"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-v69z-cmag-xfaf"},{"vulnerability":"VCID-xzhq-u9n2-c3gn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql@9"},{"url":"http://public2.vulnerablecode.io/api/packages/85360?format=json","purl":"pkg:ebuild/dev-db/postgresql-base@9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsp-wvwq-j3f5"},{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-666x-ret3-xufr"},{"vulnerability":"VCID-6dmy-t1qp-nuf3"},{"vulnerability":"VCID-6vh2-2sja-xba9"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7ev2-5qge-uubs"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-s8a2-wbb4-dyda"},{"vulnerability":"VCID-sxmd-5tzu-hkav"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-v69z-cmag-xfaf"},{"vulnerability":"VCID-xzhq-u9n2-c3gn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-base@9"},{"url":"http://public2.vulnerablecode.io/api/packages/85356?format=json","purl":"pkg:ebuild/dev-db/postgresql-server@9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsp-wvwq-j3f5"},{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-666x-ret3-xufr"},{"vulnerability":"VCID-6dmy-t1qp-nuf3"},{"vulnerability":"VCID-6vh2-2sja-xba9"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7ev2-5qge-uubs"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-s8a2-wbb4-dyda"},{"vulnerability":"VCID-sxmd-5tzu-hkav"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-v69z-cmag-xfaf"},{"vulnerability":"VCID-xzhq-u9n2-c3gn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-server@9"},{"url":"http://public2.vulnerablecode.io/api/packages/330?format=json","purl":"pkg:generic/postgresql@7.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsp-wvwq-j3f5"},{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-4tyx-g9kz-y3fq"},{"vulnerability":"VCID-5zj2-a3y7-zueh"},{"vulnerability":"VCID-6ppw-nxh2-2bfs"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-8753-jd2h-8yhw"},{"vulnerability":"VCID-8z74-udgw-kue3"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-dema-khb4-d7c3"},{"vulnerability":"VCID-dwxv-7v5k-pbgt"},{"vulnerability":"VCID-f89t-37f7-hbau"},{"vulnerability":"VCID-g5yd-z8gh-pbc4"},{"vulnerability":"VCID-h86x-6j3b-eqfh"},{"vulnerability":"VCID-hase-39jj-6khk"},{"vulnerability":"VCID-jeef-j758-s3a4"},{"vulnerability":"VCID-nj9p-fdc9-m7fu"},{"vulnerability":"VCID-qw91-9hzj-2bbd"},{"vulnerability":"VCID-s1hd-1asy-q3dd"},{"vulnerability":"VCID-swbt-7zch-sbcp"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-v69z-cmag-xfaf"},{"vulnerability":"VCID-wesb-d296-4ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@7.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/331?format=json","purl":"pkg:generic/postgresql@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsp-wvwq-j3f5"},{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-4tyx-g9kz-y3fq"},{"vulnerability":"VCID-5zj2-a3y7-zueh"},{"vulnerability":"VCID-6ppw-nxh2-2bfs"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-8753-jd2h-8yhw"},{"vulnerability":"VCID-8z74-udgw-kue3"},{"vulnerability":"VCID-978k-4cn7-bfbz"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-dema-khb4-d7c3"},{"vulnerability":"VCID-f89t-37f7-hbau"},{"vulnerability":"VCID-g5yd-z8gh-pbc4"},{"vulnerability":"VCID-h86x-6j3b-eqfh"},{"vulnerability":"VCID-hase-39jj-6khk"},{"vulnerability":"VCID-jeef-j758-s3a4"},{"vulnerability":"VCID-nj9p-fdc9-m7fu"},{"vulnerability":"VCID-qw91-9hzj-2bbd"},{"vulnerability":"VCID-s1hd-1asy-q3dd"},{"vulnerability":"VCID-swbt-7zch-sbcp"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-v69z-cmag-xfaf"},{"vulnerability":"VCID-wesb-d296-4ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/332?format=json","purl":"pkg:generic/postgresql@8.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsp-wvwq-j3f5"},{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-4tyx-g9kz-y3fq"},{"vulnerability":"VCID-5zj2-a3y7-zueh"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-8z74-udgw-kue3"},{"vulnerability":"VCID-978k-4cn7-bfbz"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-cnye-56z6-qqd6"},{"vulnerability":"VCID-dema-khb4-d7c3"},{"vulnerability":"VCID-f89t-37f7-hbau"},{"vulnerability":"VCID-g5yd-z8gh-pbc4"},{"vulnerability":"VCID-h86x-6j3b-eqfh"},{"vulnerability":"VCID-mr2t-k7zs-7fad"},{"vulnerability":"VCID-nj9p-fdc9-m7fu"},{"vulnerability":"VCID-pqq7-pp4n-fqgp"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-v69z-cmag-xfaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/333?format=json","purl":"pkg:generic/postgresql@8.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsp-wvwq-j3f5"},{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-5zj2-a3y7-zueh"},{"vulnerability":"VCID-666x-ret3-xufr"},{"vulnerability":"VCID-6dmy-t1qp-nuf3"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-978k-4cn7-bfbz"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-f89t-37f7-hbau"},{"vulnerability":"VCID-g5yd-z8gh-pbc4"},{"vulnerability":"VCID-h86x-6j3b-eqfh"},{"vulnerability":"VCID-nj9p-fdc9-m7fu"},{"vulnerability":"VCID-s8a2-wbb4-dyda"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-v69z-cmag-xfaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/334?format=json","purl":"pkg:generic/postgresql@8.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsp-wvwq-j3f5"},{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-2nve-471m-17h6"},{"vulnerability":"VCID-35a3-5eq3-8bep"},{"vulnerability":"VCID-666x-ret3-xufr"},{"vulnerability":"VCID-6dmy-t1qp-nuf3"},{"vulnerability":"VCID-6mck-xykx-yuba"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7jb6-q4x1-cfbw"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-811b-x31n-tfch"},{"vulnerability":"VCID-bdq4-br3j-7kb8"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-quqr-bg9k-7yb5"},{"vulnerability":"VCID-s8a2-wbb4-dyda"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-v69z-cmag-xfaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/335?format=json","purl":"pkg:generic/postgresql@8.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-2nve-471m-17h6"},{"vulnerability":"VCID-35a3-5eq3-8bep"},{"vulnerability":"VCID-666x-ret3-xufr"},{"vulnerability":"VCID-6mck-xykx-yuba"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7jb6-q4x1-cfbw"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-811b-x31n-tfch"},{"vulnerability":"VCID-8cbh-gwwy-n3eq"},{"vulnerability":"VCID-8j4f-u2tq-1qev"},{"vulnerability":"VCID-bdq4-br3j-7kb8"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-g4tm-8zhw-a7hn"},{"vulnerability":"VCID-kbgc-w2jw-auh8"},{"vulnerability":"VCID-nz16-gzhk-h3c1"},{"vulnerability":"VCID-pvxg-byvu-pbec"},{"vulnerability":"VCID-quqr-bg9k-7yb5"},{"vulnerability":"VCID-reab-s9cu-yudn"},{"vulnerability":"VCID-s8a2-wbb4-dyda"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-ux6m-dn6j-37dc"},{"vulnerability":"VCID-v69z-cmag-xfaf"},{"vulnerability":"VCID-w518-wkek-97ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/127851?format=json","purl":"pkg:rpm/redhat/postgresql@7.4.29-1.el4_8?arch=1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-6vh2-2sja-xba9"},{"vulnerability":"VCID-7ev2-5qge-uubs"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-u5h4-4p6j-wbay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql@7.4.29-1.el4_8%3Farch=1"},{"url":"http://public2.vulnerablecode.io/api/packages/127849?format=json","purl":"pkg:rpm/redhat/postgresql@8.1.21-1.el5_5?arch=1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-6vh2-2sja-xba9"},{"vulnerability":"VCID-7ev2-5qge-uubs"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-u5h4-4p6j-wbay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql@8.1.21-1.el5_5%3Farch=1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4136.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4136.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4136","reference_id":"","reference_type":"","scores":[{"value":"0.01557","scoring_system":"epss","scoring_elements":"0.81393","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01557","scoring_system":"epss","scoring_elements":"0.81402","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01557","scoring_system":"epss","scoring_elements":"0.81425","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.8153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81558","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81564","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81583","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81571","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81601","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81603","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81607","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81629","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81637","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81642","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81657","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81679","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81703","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.8172","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81761","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4136"},{"reference_url":"https://www.postgresql.org/support/security/CVE-2009-4136/","reference_id":"","reference_type":"","scores":[],"url":"https://www.postgresql.org/support/security/CVE-2009-4136/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546321","reference_id":"546321","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546321"},{"reference_url":"https://security.gentoo.org/glsa/201110-22","reference_id":"GLSA-201110-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0427","reference_id":"RHSA-2010:0427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0428","reference_id":"RHSA-2010:0428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0429","reference_id":"RHSA-2010:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0429"},{"reference_url":"https://usn.ubuntu.com/876-1/","reference_id":"USN-876-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/876-1/"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5h4-4p6j-wbay"}