CVE-2019-10208

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10208

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10208.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-10208

Downstream

ALPINE-CVE-2019-10208

DLA-1874-1

DSA-4492-1

DSA-4493-1

RHSA-2020:0980

RHSA-2020:3669

RHSA-2020:4295

RHSA-2020:5619

RHSA-2020:5661

RHSA-2020:5664

RHSA-2021:0164

RHSA-2021:0166

RHSA-2021:0167

RHSA-2021:1512

SUSE-SU-2019:2158-1

SUSE-SU-2019:2159-1

SUSE-SU-2019:2228-1

SUSE-SU-2019:2707-1

UBUNTU-CVE-2019-10208

USN-4090-1

openSUSE-SU-2019:2062-1

openSUSE-SU-2020:1227-1

openSUSE-SU-2024:11184-1

openSUSE-SU-2024:11185-1

Related

Published

2019-10-29T19:15:16Z

Modified

2024-11-21T04:18:39Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

References

Affected packages