Jacob Wilkin

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 9.3 through 11.2 **Description** The issue allows superusers and users in the 'pg execute server program' group to execute arbitrary code in the context of the database's operating system user through the "COPY TO/FROM PROGRAM" function. This functionality can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. **Recommendations** For PostgreSQL versions 9.3 through 11.2, consider restricting access to the 'COPY TO/FROM PROGRAM' function to prevent arbitrary code execution, or remove users from the 'pg execute server program' group unless necessary. As a temporary workaround, consider disabling the 'COPY TO/FROM PROGRAM' function until a more permanent solution is available.