A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | postgresql95 | 2021-01-12 22:52 | ALAS-2021-1476 |
Amazon Linux 1 | postgresql96 | 2021-01-12 22:52 | ALAS-2021-1476 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
NVD | CVSSv2 | 7.6 | AV:N/AC:H/Au:N/C:C/I:C/A:C |
NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |