Open svenklemm opened 3 months ago
The DO blocks in the version update scripts did not sufficiently lock down search_path for the format calls allowing injection of a malicious format function to be executed during upgrades.
The DO blocks in the version update scripts did not sufficiently lock down search_path for the format calls allowing injection of a malicious format function to be executed during upgrades.