
Christoph Berg

#29610 of 53,632
8.8 Total CVSS
Vulnerabilities · 1
PT-2023-4422
8.8
2023-08-01
Unknown · Postgresql · CVE-2023-39417
**Name of the Vulnerable Software and Affected Versions**

PostgreSQL (affected versions not specified)

**Description**

This is a SQL injection vulnerability in PostgreSQL extensions whose scripts use the substitution constructs `@extowner@`, `@extschema@`, or `@extschema:...@` inside quoting constructs (dollar quoting, `''`, or `""`). It can allow a remote attacker to execute arbitrary SQL queries on the database. If an administrator has installed the files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.