Description
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw, in an attack similar to CVE-2018-1058, to execute arbitrary SQL commands in the context of the user used for replication.
Remediation
References