Red Hat Security Advisory 2024-1071-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1071.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:12 security updateAdvisory ID:        RHSA-2024:1071-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1071Issue date:         2024-03-04Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1071-03

### Impact

This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database.

### Patches

The algorithm to detect SQL injection has been improved.

### Workarounds

None.

### References

- https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2
- https://github.com/parse-community/parse-server/releases/tag/6.5.0 (fixed in Parse Server 6)
- https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20 (fixed in Parse Server 7 alpha release)

### Credits

- Mikhail Shcherbakov (https://twitter.com/yu5k3) working with Trend Micro Zero Day Initiative (finder)
- Ehsan Persania (remediation developer)
- Manuel Trezza (coordinator)

Skip to content

Sign in

**CVE-2024-27298**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Resources
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

**Saved searches****Use saved searches to filter your results more quickly**

Sign in

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-27298

**ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection**

Critical severity GitHub Reviewed Published Mar 1, 2024 in parse-community/parse-server • Updated Mar 1, 2024

Vulnerability details Dependabot alerts 0

**Package**

npm parse-server (npm)

**Affected versions**

< 6.5.0

\>= 7.0.0-alpha.1, < 7.0.0-alpha.20

**Patched versions**

6.5.0

7.0.0-alpha.20

**Description**

**Impact**

This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database.

**Patches**

The algorithm to detect SQL injection has been improved.

**Workarounds**

None.

**References**

*   GHSA-6927-3vr9-fxf2
*   https://github.com/parse-community/parse-server/releases/tag/6.5.0 (fixed in Parse Server 6)
*   https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20 (fixed in Parse Server 7 alpha release)

**Credits**

*   Mikhail Shcherbakov (https://twitter.com/yu5k3) working with Trend Micro Zero Day Initiative (finder)
*   Ehsan Persania (remediation developer)
*   Manuel Trezza (coordinator)

**References**

*   GHSA-6927-3vr9-fxf2
*   https://nvd.nist.gov/vuln/detail/CVE-2024-27298
*   parse-community/parse-server@a6e6549
*   parse-community/parse-server@cbefe77
*   https://github.com/parse-community/parse-server/releases/tag/6.5.0
*   https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20

 mtrezza published to parse-community/parse-server

Mar 1, 2024

Published by the National Vulnerability Database

Mar 1, 2024

Published to the GitHub Advisory Database

Mar 1, 2024

Reviewed

Mar 1, 2024

Last updated

Mar 1, 2024

**Severity**

Critical

10.0

/ 10

**CVSS base metrics**

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

**Weaknesses**

CWE-89

**CVE ID**

CVE-2024-27298

**GHSA ID**

GHSA-6927-3vr9-fxf2

**Source code**

parse-community/parse-server

**Credits**

*    mtrezza Remediation reviewer
*    EhsanParsania Remediation developer

Checking history

See something to contribute? Suggest improvements for this vulnerability.

GHSA-6927-3vr9-fxf2: ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

Red Hat Security Advisory 2024-1061-03 - An update is now available for Red Hat Satellite 6.13 for RHEL 8. Issues addressed include memory leak and server-side request forgery vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1061.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Satellite 6 security and bug fix update  
Advisory ID:        RHSA-2024:1061-03  
Product:            Red Hat Satellite 6  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1061  
Issue date:         2024-03-01  
Revision:           03  
CVE Names:          CVE-2022-4130  
====================================================================

Summary: 

An update is now available for Red Hat Satellite 6.13 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Satellite is a system management solution that allows organizations to  
configure and maintain their systems without the necessity to provide public  
Internet access to their servers or other client systems. It performs  
provisioning and configuration management of predefined standard operating  
environments.

Security Fix(es):

* satellite: Blind SSRF via Referer header (CVE-2022-4130)

* mosquitto: memory leak leads to unresponsive broker (CVE-2023-0809, CVE-2023-28366, CVE-2023-3592)

* foreman: World readable file containing secrets (CVE-2023-4886)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Long running postgres threads during content-export (BZ#2257299)

* After upstream repo switched to zst compression, Satellite 6.12.5.1 unable to sync (BZ#2257300)

* Actions::ForemanLeapp::PreupgradeJob fails with null value in column \"preupgrade_report_id\" violates not-null constraint when run with non-admin user (BZ#2257302)

* Puppet reports without any messages don't get an origin (BZ#2257314)

* Provisioning vm host fails with error \"Failed to attach ISO image to CDROM drive of instance client.example.com: InvalidPowerState: The attempted operation cannot be performed in the current state (Powered on)\". (BZ#2257316)

* [Improvement] RefreshRepos step in Capsule Sync to refresh just repos to sync (BZ#2260526)

* Support Satellite Clone running on Python 3.12 (BZ#2264354)

* Support Satellite Ansible Collection running on Python 3.12 (BZ#2264918)

* Unable to sync library/busybox from gcr.io (BZ#2265149)

Solution:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.6/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts

CVEs:

CVE-2022-4130

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2145254  
https://bugzilla.redhat.com/show_bug.cgi?id=2230135  
https://bugzilla.redhat.com/show_bug.cgi?id=2236882  
https://bugzilla.redhat.com/show_bug.cgi?id=2257299  
https://bugzilla.redhat.com/show_bug.cgi?id=2257300  
https://bugzilla.redhat.com/show_bug.cgi?id=2257302  
https://bugzilla.redhat.com/show_bug.cgi?id=2257314  
https://bugzilla.redhat.com/show_bug.cgi?id=2257316  
https://bugzilla.redhat.com/show_bug.cgi?id=2260526  
https://bugzilla.redhat.com/show_bug.cgi?id=2264354  
https://bugzilla.redhat.com/show_bug.cgi?id=2264918  
https://bugzilla.redhat.com/show_bug.cgi?id=2265149

Red Hat Security Advisory 2024-1061-03

Red Hat Security Advisory 2024-1017-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1017.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:15 security updateAdvisory ID:        RHSA-2024:1017-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1017Issue date:         2024-02-28Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1017-03

Ubuntu Security Notice 6656-1 - It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

==========================================================================  
Ubuntu Security Notice USN-6656-1  
February 26, 2024

postgresql-12, postgresql-14, postgresql-15 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

PostgreSQL could be made to run arbitrary SQL.

Software Description:  
- postgresql-15: Object-relational SQL database  
- postgresql-14: Object-relational SQL database  
- postgresql-12: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly handled dropping privileges  
when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or  
automatic system were tricked into running a specially crafted command, a  
remote attacker could possibly use this issue to execute arbitrary SQL  
functions.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   postgresql-15                   15.6-0ubuntu0.23.10.1  
   postgresql-client-15            15.6-0ubuntu0.23.10.1

Ubuntu 22.04 LTS:  
   postgresql-14                   14.11-0ubuntu0.22.04.1  
   postgresql-client-14            14.11-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   postgresql-12                   12.18-0ubuntu0.20.04.1  
   postgresql-client-12            12.18-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart PostgreSQL to  
make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6656-1  
   CVE-2024-0985

Package Information:  
   https://launchpad.net/ubuntu/+source/postgresql-15/15.6-0ubuntu0.23.10.1  
   https://launchpad.net/ubuntu/+source/postgresql-14/14.11-0ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/postgresql-12/12.18-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6656-1

Red Hat Security Advisory 2024-0992-03 - An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0992.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-postgresql10-postgresql security updateAdvisory ID:        RHSA-2024:0992-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0992Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0992-03

Red Hat Security Advisory 2024-0990-03 - An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0990.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-postgresql12-postgresql security updateAdvisory ID:        RHSA-2024:0990-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0990Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0990-03

Red Hat Security Advisory 2024-0988-03 - An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0988.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-postgresql13-postgresql security updateAdvisory ID:        RHSA-2024:0988-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0988Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0988-03

Red Hat Security Advisory 2024-0975-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0975.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:13 security updateAdvisory ID:        RHSA-2024:0975-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0975Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0975-03

Red Hat Security Advisory 2024-0974-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0974.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:12 security updateAdvisory ID:        RHSA-2024:0974-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0974Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Tag

#postgres