VYPR
Unrated severityNVD Advisory· Published Apr 24, 2007· Updated Jun 16, 2026

CVE-2007-2138

CVE-2007-2138

Description

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*range: <7.3.19
    • (no CPE)range: <7.3.19, <7.4.17, <8.0.13, <8.1.9, <8.2.4
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • Debian/linux2 versions
    cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

31

News mentions

0

No linked articles in our index yet.