VulnerableCode Package Details - pkg:generic/postgresql@11.20.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-m2ku-ydb8-aaaf	Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.	CVE-2023-2455
VCID-y8yz-9q93-aaaq	schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.	CVE-2023-2454

Vulnerability

Summary

Aliases

VCID-m2ku-ydb8-aaaf

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

CVE-2023-2455

VCID-y8yz-9q93-aaaq

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.

CVE-2023-2454

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-25T18:29:55.585770+00:00	PostgreSQL Importer	Fixing	VCID-y8yz-9q93-aaaq	https://www.postgresql.org/support/security/CVE-2023-2454	36.1.3
2025-06-25T18:29:55.467024+00:00	PostgreSQL Importer	Fixing	VCID-m2ku-ydb8-aaaf	https://www.postgresql.org/support/security/CVE-2023-2455	36.1.3
2025-06-04T05:59:07.600220+00:00	PostgreSQL Importer	Fixing	VCID-y8yz-9q93-aaaq	https://www.postgresql.org/support/security/CVE-2023-2454	36.1.0
2025-06-04T05:59:07.538252+00:00	PostgreSQL Importer	Fixing	VCID-m2ku-ydb8-aaaf	https://www.postgresql.org/support/security/CVE-2023-2455	36.1.0
2025-06-02T20:35:54.201482+00:00	PostgreSQL Importer	Fixing	VCID-y8yz-9q93-aaaq	https://www.postgresql.org/support/security/CVE-2023-2454	36.1.2
2025-06-02T20:35:54.121280+00:00	PostgreSQL Importer	Fixing	VCID-m2ku-ydb8-aaaf	https://www.postgresql.org/support/security/CVE-2023-2455	36.1.2
2025-03-28T07:42:17.254523+00:00	PostgreSQL Importer	Fixing	VCID-y8yz-9q93-aaaq	https://www.postgresql.org/support/security/CVE-2023-2454	36.0.0
2025-03-28T07:42:17.070942+00:00	PostgreSQL Importer	Fixing	VCID-m2ku-ydb8-aaaf	https://www.postgresql.org/support/security/CVE-2023-2455	36.0.0
2024-09-18T01:54:10.744939+00:00	PostgreSQL Importer	Fixing	VCID-y8yz-9q93-aaaq	https://www.postgresql.org/support/security/CVE-2023-2454	34.0.1
2024-09-18T01:54:10.568502+00:00	PostgreSQL Importer	Fixing	VCID-m2ku-ydb8-aaaf	https://www.postgresql.org/support/security/CVE-2023-2455	34.0.1
2024-01-03T22:23:07.226249+00:00	PostgreSQL Importer	Fixing	VCID-y8yz-9q93-aaaq	https://www.postgresql.org/support/security/CVE-2023-2454	34.0.0rc1
2024-01-03T22:23:07.054625+00:00	PostgreSQL Importer	Fixing	VCID-m2ku-ydb8-aaaf	https://www.postgresql.org/support/security/CVE-2023-2455	34.0.0rc1