FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d331f691-71f4-11ea-8bb5-6cc21735f730PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks

The PostgreSQL project reports:

Versions Affected: 9.6 - 12

The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION.


Discovery 2020-02-13
Entry 2020-03-29
postgresql12-server
< 12.2

postgresql11-server
< 11.7

postgresql10-server
< 10.12

postgresql96-server
< 9.6.17

https://www.postgresql.org/about/news/1960/
CVE-2020-1720