{"id":"JLSEC-2026-34","details":"An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.","modified":"2026-04-03T13:30:53.663903Z","published":"2026-04-03T13:27:15.647Z","upstream":["CVE-2021-3393"],"database_specific":{"license":"CC-BY-4.0","sources":[{"published":"2021-04-01T14:15:13.657Z","id":"CVE-2021-3393","modified":"2024-11-21T06:21:24.200Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3393","imported":"2026-04-03T13:13:09.843Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3393"}]},"references":[{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924005"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202105-32"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20210507-0006/"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924005"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202105-32"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20210507-0006/"}],"affected":[{"package":{"name":"LibPQ_jll","ecosystem":"Julia","purl":"pkg:julia/LibPQ_jll?uuid=08be9ffa-1c94-5ee5-a977-46a84ec9b350"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"14.1.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-34.json"}}],"schema_version":"1.7.5"}