public inbox for [email protected]
help / color / mirror / Atom feedFrom: Noah Misch <[email protected]>
To: [email protected]
Subject: pgsql: pg_createsubscriber: Obstruct SQL injection via subscription nam
Date: Mon, 11 May 2026 12:19:37 +0000
Message-ID: <[email protected]> (raw)
pg_createsubscriber: Obstruct SQL injection via subscription names.
drop_existing_subscription() neglected to escape the subscription
name when generating its query string. To fix, use
PQescapeIdentifier() to construct a properly escaped name, and use
it in the ALTER SUBSCRIPTION and DROP SUBSCRIPTION commands.
Reported-by: Yu Kunpeng <[email protected]>
Author: Nathan Bossart <[email protected]>
Reviewed-by: Amit Kapila <[email protected]>
Security: CVE-2026-6476
Backpatch-through: 17
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/d389415ffad509f0de1342e6ebbb5d5c62dbedef
Author: Nathan Bossart <[email protected]>
Modified Files
--------------
src/bin/pg_basebackup/pg_createsubscriber.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: pgsql: pg_createsubscriber: Obstruct SQL injection via subscription nam
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox