CVE-2021-38140

Name of the Vulnerable Software and Affected Versions: PostgreSQL set user extension module versions prior to 2.0.1

Description: The issue allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set user(). This can be exploited to gain elevated privileges.

Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the set user extension module until a patch is applied. Avoid using the RESET SESSION AUTHORIZATION command after set user() in the affected API endpoint until the issue is resolved.