VYPR

Postgresql Anonymizer

by Dalibo

Source repositories

CVEs (7)

  • CVE-2026-2361HigFeb 11, 2026
    risk 0.52cvss 8.0epss 0.00

    PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser…

  • CVE-2026-2360HigFeb 11, 2026
    risk 0.52cvss 8.0epss 0.00

    PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is…

  • CVE-2026-9617MedMay 27, 2026
    risk 0.44cvss 6.8epss 0.00

    PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The…

  • CVE-2026-11945MedJun 11, 2026
    risk 0.42cvss 6.4epss 0.00

    PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the…

  • CVE-2025-5690MedJun 4, 2025
    risk 0.42cvss 6.5epss 0.00

    PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled,…

  • CVE-2024-2339Mar 8, 2024
    risk 0.00cvss epss 0.01

    PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static…

  • CVE-2024-2338Mar 8, 2024
    risk 0.00cvss epss 0.00

    PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that…