PT-2023-19036 · Pg Ivm · Pg Ivm

Yugo-N · Published 2023-03-07 · Updated 2023-03-14 · CVE-2023-23554

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: pg_ivm versions prior to 1.5.1

Description: An uncontrolled search path element issue exists. When refreshing an IMMV, pg_ivm executes functions without specifying schema names, so it can be tricked into executing unexpected functions from other schemas. If exploited, an attacker-provided function may be executed with the materialized view owner's privilege.

Recommendations: For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the IMMV refresh function to minimize the risk of exploitation.
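
An audit to run in each database while applying the recommendation above, as an added example that is not part of the original advisory or of the pg_ivm project. It assumes the extension is registered under the name `pg_ivm` and that its version strings are purely numeric and dot-separated; it goes slightly beyond the advisory by also listing the conditions that make unqualified function calls risky in general.

```sql
-- Added example: review queries for CVE-2023-23554 exposure (read-only).

-- 1. Is pg_ivm installed here, and is it older than the fixed release 1.5.1?
--    Assumption: extversion is numeric and dot-separated (e.g. '1.5' or '1.5.1').
SELECT extname,
       extversion,
       string_to_array(extversion, '.')::int[] < ARRAY[1, 5, 1] AS needs_update
FROM pg_extension
WHERE extname = 'pg_ivm';

-- 2. Schemas where PUBLIC may create objects. A function placed in such a
--    schema can be picked up by code that calls functions without a schema name.
SELECT n.nspname                      AS schema_name,
       pg_get_userbyid(n.nspowner)    AS schema_owner
FROM pg_namespace n
WHERE n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege('public'::name, n.oid, 'CREATE');

-- 3. Functions owned by non-superusers whose name collides with a built-in
--    function. Each row deserves a manual look: who created it, and why.
SELECT n.nspname                               AS schema_name,
       p.proname                               AS function_name,
       pg_get_function_identity_arguments(p.oid) AS arguments,
       r.rolname                               AS function_owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles r     ON r.oid = p.proowner
WHERE NOT r.rolsuper
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND EXISTS (
        SELECT 1
        FROM pg_proc b
        JOIN pg_namespace bn ON bn.oid = b.pronamespace
        WHERE bn.nspname = 'pg_catalog'
          AND b.proname = p.proname)
ORDER BY schema_name, function_name;
```

An empty result from query 1 means the extension is not installed in the current database; `pg_extension` is per-database, so repeat the check in every database of the cluster.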

Fix

Uncontrolled Search Path Element


Weakness Enumeration

Related Identifiers: CVE-2023-23554

Affected Products: Pg Ivm