Description |
+ |
An access restriction bypass vulnerability has been discovered in PostgreSQL, the "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing user had permission to perform a "SELECT" on the index performing the conflicting check. Additionally, in a table with row-level security enabled, the "INSERT ... ON CONFLICT DO UPDATE" would not check the SELECT policies for that table before performing the update. |
+ |
The fix ensures that "INSERT ... ON CONFLICT DO UPDATE" checks against table permissions and RLS policies before executing. |
|