A flaw was found in postgresql. Using an INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
[
{
"vendor": "n/a",
"product": "postgresql",
"versions": [
{
"version": "postgresql 13.3, postgresql 12.7, postgresql 11.12, postgresql 10.17, postgresql 9.6.22",
"status": "affected"
}
]
}
]