Yugo-N

**Name of the Vulnerable Software and Affected Versions** pg ivm versions prior to 1.5.1 **Description** An information disclosure issue exists where an Incrementally Maintainable Materialized View (IMMV) created by pg ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. This allows information in tables protected by Row-Level Security to be retrieved by a user who is not authorized to access it. **Recommendations** For pg ivm versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to IMMV views until the update is applied.

**Name of the Vulnerable Software and Affected Versions** pg ivm versions prior to 1.5.1 **Description** An uncontrolled search path element issue exists. When refreshing an IMMV, pg ivm executes functions without specifying schema names, potentially allowing it to be tricked into executing unexpected functions from other schemas with the IMMV owner's privilege. If exploited, an attacker-provided function may be executed with the materialized view owner's privilege. **Recommendations** For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the IMMV refresh function to minimize the risk of exploitation.