VulnerableCode Package Details - pkg:generic/postgresql@15.6.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1av1-tagn-aaan	Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.	CVE-2024-0985

Vulnerability

Summary

Aliases

VCID-1av1-tagn-aaan

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.

CVE-2024-0985

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-25T18:29:46.333518+00:00	PostgreSQL Importer	Fixing	VCID-1av1-tagn-aaan	https://www.postgresql.org/support/security/CVE-2024-0985	36.1.3
2025-06-04T05:59:06.648009+00:00	PostgreSQL Importer	Fixing	VCID-1av1-tagn-aaan	https://www.postgresql.org/support/security/CVE-2024-0985	36.1.0
2025-06-02T20:35:49.735878+00:00	PostgreSQL Importer	Fixing	VCID-1av1-tagn-aaan	https://www.postgresql.org/support/security/CVE-2024-0985	36.1.2
2025-03-28T07:42:15.868823+00:00	PostgreSQL Importer	Fixing	VCID-1av1-tagn-aaan	https://www.postgresql.org/support/security/CVE-2024-0985	36.0.0
2024-11-18T17:45:34.687302+00:00	PostgreSQL Importer	Fixing	VCID-1av1-tagn-aaan	https://www.postgresql.org/support/security/CVE-2024-0985	34.3.2
2024-09-18T01:54:07.047852+00:00	PostgreSQL Importer	Fixing	VCID-1av1-tagn-aaan	https://www.postgresql.org/support/security/CVE-2024-0985	34.0.1
2024-06-25T04:03:03.851131+00:00	PostgreSQL Importer	Fixing	VCID-1av1-tagn-aaan	https://www.postgresql.org/support/security/CVE-2024-0985	34.0.0rc4
2024-02-08T15:44:07.103062+00:00	PostgreSQL Importer	Fixing	VCID-1av1-tagn-aaan	https://www.postgresql.org/support/security/CVE-2024-0985	34.0.0rc2