Medium severity 6.5 · NVD Advisory · Published Nov 22, 2017 · Updated Jun 17, 2026

CVE-2017-15099

Description

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.

Affected products: 37

References: 7
