VulnerableCode Package Details - pkg:generic/postgresql@15.4.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-23g8-dcz6-aaan	IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.	CVE-2023-39417
VCID-x1aj-681s-aaah	A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.	CVE-2023-39418

Vulnerability

Summary

Aliases

VCID-23g8-dcz6-aaan

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

CVE-2023-39417

VCID-x1aj-681s-aaah

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

CVE-2023-39418

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-25T18:29:46.404491+00:00	PostgreSQL Importer	Fixing	VCID-23g8-dcz6-aaan	https://www.postgresql.org/support/security/CVE-2023-39417	36.1.3
2025-06-25T18:29:46.381271+00:00	PostgreSQL Importer	Fixing	VCID-x1aj-681s-aaah	https://www.postgresql.org/support/security/CVE-2023-39418	36.1.3
2025-06-04T05:59:06.700143+00:00	PostgreSQL Importer	Fixing	VCID-23g8-dcz6-aaan	https://www.postgresql.org/support/security/CVE-2023-39417	36.1.0
2025-06-04T05:59:06.685033+00:00	PostgreSQL Importer	Fixing	VCID-x1aj-681s-aaah	https://www.postgresql.org/support/security/CVE-2023-39418	36.1.0
2025-06-02T20:35:49.793112+00:00	PostgreSQL Importer	Fixing	VCID-23g8-dcz6-aaan	https://www.postgresql.org/support/security/CVE-2023-39417	36.1.2
2025-06-02T20:35:49.774916+00:00	PostgreSQL Importer	Fixing	VCID-x1aj-681s-aaah	https://www.postgresql.org/support/security/CVE-2023-39418	36.1.2
2025-03-28T07:42:16.015940+00:00	PostgreSQL Importer	Fixing	VCID-23g8-dcz6-aaan	https://www.postgresql.org/support/security/CVE-2023-39417	36.0.0
2025-03-28T07:42:10.021315+00:00	PostgreSQL Importer	Fixing	VCID-x1aj-681s-aaah	https://www.postgresql.org/support/security/CVE-2023-39418	36.0.0
2024-11-18T17:45:35.160285+00:00	PostgreSQL Importer	Fixing	VCID-23g8-dcz6-aaan	https://www.postgresql.org/support/security/CVE-2023-39417	34.3.2
2024-09-18T01:54:07.217921+00:00	PostgreSQL Importer	Fixing	VCID-23g8-dcz6-aaan	https://www.postgresql.org/support/security/CVE-2023-39417	34.0.1
2024-09-18T01:54:07.176791+00:00	PostgreSQL Importer	Fixing	VCID-x1aj-681s-aaah	https://www.postgresql.org/support/security/CVE-2023-39418	34.0.1
2024-01-03T22:22:45.799704+00:00	PostgreSQL Importer	Fixing	VCID-23g8-dcz6-aaan	https://www.postgresql.org/support/security/CVE-2023-39417	34.0.0rc1
2024-01-03T22:22:45.754851+00:00	PostgreSQL Importer	Fixing	VCID-x1aj-681s-aaah	https://www.postgresql.org/support/security/CVE-2023-39418	34.0.0rc1