{"id":"AZL-27892","summary":"CVE-2023-39417 affecting package postgresql for versions less than 14.10-1","details":"IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or \"\"). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.","modified":"2026-04-01T05:09:32.792120Z","published":"2023-08-11T13:15:09Z","upstream":["CVE-2023-39417"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39417"}],"affected":[{"package":{"name":"postgresql","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/postgresql"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.10-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27892.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}