Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
pg_ivm 代码问题漏洞
Vulnerability Description
pg_ivm是SRA OSS开源的一个库。作为 PostgreSQL 扩展的 IVM(增量视图维护)实现。 pg_ivm 1.5.1之前版本存在安全漏洞,该漏洞源于存在不受控制的搜索路径元素漏洞,攻击者利用该漏洞可以使用IMMV所有者的权限从其他模式执行意外功能。
CVSS Information
N/A
Vulnerability Type
N/A