CVE-2020-14350 vulnerability in PostgreSQL and Other Products
Published on August 24, 2020
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
NVD
Products Associated with CVE-2020-14350
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-14350 are published in these products:
Exploit Probability
EPSS
0.03%
Percentile
8.52%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.