Postgresql: extension script @substitutions@ within quoting allow sql injection
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
Affected products
- ==11.21
- ==13.12
- ==15.4
- ==12.16
- ==14.9
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
Matching in nixpkgs
pkgs.postgresql
Powerful, open source object-relational database system
-
nixos-unstable -
- nixpkgs-unstable 17.6
pkgs.postgresql_13
Powerful, open source object-relational database system
-
nixos-unstable -
- nixpkgs-unstable 13.22
pkgs.postgresql_14
Powerful, open source object-relational database system
-
nixos-unstable -
- nixpkgs-unstable 14.19
pkgs.postgresql_15
Powerful, open source object-relational database system
-
nixos-unstable -
- nixpkgs-unstable 15.14
pkgs.postgresql_16
Powerful, open source object-relational database system
-
nixos-unstable -
- nixpkgs-unstable 16.10
pkgs.postgresql_17
Powerful, open source object-relational database system
-
nixos-unstable -
- nixpkgs-unstable 17.6
pkgs.postgresql_18
Powerful, open source object-relational database system
-
nixos-unstable -
- nixpkgs-unstable 18rc1
pkgs.postgresql_jit
None
-
nixos-unstable -
- nixpkgs-unstable 17.6
pkgs.postgresql_jdbc
JDBC driver for PostgreSQL allowing Java programs to connect to a PostgreSQL database
-
nixos-unstable -
- nixpkgs-unstable 42.7.7
pkgs.postgresql_13_jit
None
-
nixos-unstable -
- nixpkgs-unstable 13.22
pkgs.postgresql_14_jit
None
-
nixos-unstable -
- nixpkgs-unstable 14.19
pkgs.postgresql_15_jit
None
-
nixos-unstable -
- nixpkgs-unstable 15.14
pkgs.postgresql_16_jit
None
-
nixos-unstable -
- nixpkgs-unstable 16.10
pkgs.postgresql_18_jit
None
-
nixos-unstable -
- nixpkgs-unstable 18rc1
pkgs.postgresqlTestHook
None
pkgs.akkuPackages.postgresql
R7RS portable PostgreSQL binding
-
nixos-unstable -
- nixpkgs-unstable 17.9.26
pkgs.postgresqlPackages.pltcl
PL/Tcl - Tcl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 17.6
pkgs.postgresqlPackages.plperl
PL/Perl - Perl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 17.6
pkgs.postgresql13Packages.pltcl
PL/Tcl - Tcl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 13.22
pkgs.postgresql14Packages.pltcl
PL/Tcl - Tcl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 14.19
pkgs.postgresql15Packages.pltcl
PL/Tcl - Tcl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 15.14
pkgs.postgresql16Packages.pltcl
PL/Tcl - Tcl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 16.10
pkgs.postgresql18Packages.pltcl
PL/Tcl - Tcl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 18rc1
pkgs.postgresqlPackages.lantern
PostgreSQL vector database extension for building AI applications
-
nixos-unstable -
- nixpkgs-unstable 0.5.0
pkgs.postgresql13Packages.plperl
PL/Perl - Perl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 13.22
pkgs.postgresql14Packages.plperl
PL/Perl - Perl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 14.19
pkgs.postgresql15Packages.plperl
PL/Perl - Perl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 15.14
pkgs.postgresql16Packages.plperl
PL/Perl - Perl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 16.10
pkgs.postgresql18Packages.plperl
PL/Perl - Perl Procedural Language
-
nixos-unstable -
- nixpkgs-unstable 18rc1
pkgs.postgresql13Packages.lantern
PostgreSQL vector database extension for building AI applications
-
nixos-unstable -
- nixpkgs-unstable 0.5.0
pkgs.postgresql14Packages.lantern
PostgreSQL vector database extension for building AI applications
-
nixos-unstable -
- nixpkgs-unstable 0.5.0
pkgs.postgresql15Packages.lantern
PostgreSQL vector database extension for building AI applications
-
nixos-unstable -
- nixpkgs-unstable 0.5.0
pkgs.postgresql16Packages.lantern
PostgreSQL vector database extension for building AI applications
-
nixos-unstable -
- nixpkgs-unstable 0.5.0
pkgs.postgresqlPackages.plpython3
PL/Python - Python Procedural Language
-
nixos-unstable -
- nixpkgs-unstable plpython3-17.6
pkgs.luaPackages.luadbi-postgresql
Database abstraction layer
-
nixos-unstable -
- nixpkgs-unstable 0.7.4-1
pkgs.postgresqlPackages.anonymizer
Extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.sbclPackages.clsql-postgresql
None
-
nixos-unstable -
- nixpkgs-unstable 20221106-git
pkgs.postgresql13Packages.plpython3
PL/Python - Python Procedural Language
-
nixos-unstable -
- nixpkgs-unstable plpython3-13.22
pkgs.postgresql14Packages.plpython3
PL/Python - Python Procedural Language
-
nixos-unstable -
- nixpkgs-unstable plpython3-14.19
pkgs.postgresql15Packages.plpython3
PL/Python - Python Procedural Language
-
nixos-unstable -
- nixpkgs-unstable plpython3-15.14
pkgs.postgresql16Packages.plpython3
PL/Python - Python Procedural Language
-
nixos-unstable -
- nixpkgs-unstable plpython3-16.10
pkgs.postgresql18Packages.plpython3
PL/Python - Python Procedural Language
-
nixos-unstable -
- nixpkgs-unstable plpython3-18rc1
pkgs.terraform-providers.postgresql
None
-
nixos-unstable -
- nixpkgs-unstable 1.26.0
pkgs.haskellPackages.HDBC-postgresql
PostgreSQL driver for HDBC
-
nixos-unstable -
- nixpkgs-unstable 2.5.0.1
pkgs.haskellPackages.moto-postgresql
PostgreSQL-based migrations registry for moto
-
nixos-unstable -
- nixpkgs-unstable 0.0.2
pkgs.haskellPackages.postgresql-pure
pure Haskell PostgreSQL driver
-
nixos-unstable -
- nixpkgs-unstable 0.2.3.0
pkgs.haskellPackages.text-postgresql
Parser and Printer of PostgreSQL extended types
-
nixos-unstable -
- nixpkgs-unstable 0.0.3.1
pkgs.lua51Packages.luadbi-postgresql
Database abstraction layer
-
nixos-unstable -
- nixpkgs-unstable 0.7.4-1
pkgs.lua52Packages.luadbi-postgresql
Database abstraction layer
-
nixos-unstable -
- nixpkgs-unstable 0.7.4-1
pkgs.lua53Packages.luadbi-postgresql
Database abstraction layer
-
nixos-unstable -
- nixpkgs-unstable 0.7.4-1
pkgs.lua54Packages.luadbi-postgresql
Database abstraction layer
-
nixos-unstable -
- nixpkgs-unstable 0.7.4-1
pkgs.postgresql13Packages.anonymizer
Extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.postgresql14Packages.anonymizer
Extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.postgresql15Packages.anonymizer
Extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.postgresql16Packages.anonymizer
Extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.postgresql18Packages.anonymizer
Extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.zabbix-agent2-plugin-postgresql
Required tool for Zabbix agent integrated PostgreSQL monitoring
-
nixos-unstable -
- nixpkgs-unstable agent2-plugin-postgresql-7.4.1
pkgs.haskellPackages.postgresql-libpq
low-level binding to libpq
-
nixos-unstable -
- nixpkgs-unstable 0.11.0.0
pkgs.haskellPackages.postgresql-typed
PostgreSQL interface with compile-time SQL type checking, optional HDBC backend
-
nixos-unstable -
- nixpkgs-unstable 0.6.2.5
pkgs.luajitPackages.luadbi-postgresql
Database abstraction layer
-
nixos-unstable -
- nixpkgs-unstable 0.7.4-1
pkgs.haskellPackages.postgresql-binary
Encoders and decoders for the PostgreSQL's binary format
-
nixos-unstable -
- nixpkgs-unstable 0.14.0.1
pkgs.haskellPackages.postgresql-schema
PostgreSQL Schema Management
-
nixos-unstable -
- nixpkgs-unstable 0.1.14
pkgs.haskellPackages.postgresql-simple
Mid-Level PostgreSQL client library
-
nixos-unstable -
- nixpkgs-unstable 0.7.0.0
pkgs.haskellPackages.postgresql-syntax
PostgreSQL AST parsing and rendering
-
nixos-unstable -
- nixpkgs-unstable 0.4.1.2
pkgs.haskellPackages.squeal-postgresql
Squeal PostgreSQL Library
-
nixos-unstable -
- nixpkgs-unstable 0.9.2.0
pkgs.haskellPackages.gargoyle-postgresql
Manage PostgreSQL servers with gargoyle
-
nixos-unstable -
- nixpkgs-unstable 0.2.0.3
pkgs.python312Packages.pytest-postgresql
Pytest plugin that enables you to test code on a temporary PostgreSQL database
-
nixos-unstable -
- nixpkgs-unstable 6.0.0
pkgs.python313Packages.pytest-postgresql
Pytest plugin that enables you to test code on a temporary PostgreSQL database
-
nixos-unstable -
- nixpkgs-unstable 6.0.0
pkgs.haskellPackages.postgresql-connector
Initial project postgresql-connector from stack
-
nixos-unstable -
- nixpkgs-unstable 0.2.7
pkgs.haskellPackages.postgresql-migration
PostgreSQL Schema Migrations
-
nixos-unstable -
- nixpkgs-unstable 0.2.1.8
pkgs.sbclPackages.clsql-postgresql-socket
None
-
nixos-unstable -
- nixpkgs-unstable 20221106-git
pkgs.haskellPackages.persistent-postgresql
Backend for the persistent library using postgresql
-
nixos-unstable -
- nixpkgs-unstable 2.13.6.2
pkgs.haskellPackages.postgresql-copy-escape
Format data to feed to a PostgreSQL COPY FROM statement
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.1
pkgs.haskellPackages.postgresql-error-codes
PostgreSQL error codes
-
nixos-unstable -
- nixpkgs-unstable 1.0.1
pkgs.haskellPackages.gargoyle-postgresql-nix
Manage PostgreSQL servers with gargoyle and nix
-
nixos-unstable -
- nixpkgs-unstable 0.3.0.3
pkgs.haskellPackages.pipes-postgresql-simple
Convert various postgresql-simple calls to work with pipes
-
nixos-unstable -
- nixpkgs-unstable 0.1.3.0
pkgs.haskellPackages.postgresql-libpq-notify
Minimal dependency PostgreSQL notifications library
-
nixos-unstable -
- nixpkgs-unstable 0.2.0.0
pkgs.haskellPackages.squeal-postgresql-ltree
LTree extension for Squeal
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.2
pkgs.chickenPackages_5.chickenEggs.postgresql
Bindings for PostgreSQL's C-api
-
nixos-unstable -
- nixpkgs-unstable 4.1.6
pkgs.haskellPackages.eventsourcing-postgresql
PostgreSQL adaptor for eventsourcing
-
nixos-unstable -
- nixpkgs-unstable 0.9.0
pkgs.haskellPackages.postgresql-transactional
a transactional monad on top of postgresql-simple
-
nixos-unstable -
- nixpkgs-unstable 1.1.1
pkgs.haskellPackages.rivet-adaptor-postgresql
Rivet migration library postgresql backend
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.0
pkgs.haskellPackages.migrant-postgresql-simple
Semi-automatic database schema migrations
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.3
pkgs.haskellPackages.postgresql-libpq-configure
low-level binding to libpq: configure based provider
-
nixos-unstable -
- nixpkgs-unstable 0.11
pkgs.haskellPackages.postgresql-libpq-pkgconfig
low-level binding to libpq: pkg-config based provider
-
nixos-unstable -
- nixpkgs-unstable 0.11
pkgs.haskellPackages.gargoyle-postgresql-connect
Connect to gargoyle-managed postgresql instances
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.3
pkgs.haskellPackages.postgresql-simple-migration
PostgreSQL Schema Migrations
-
nixos-unstable -
- nixpkgs-unstable 0.1.15.0
pkgs.haskellPackages.squeal-postgresql-uuid-ossp
UUID OSSP extension for Squeal
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.1
pkgs.haskellPackages.postgresql-simple-interpolate
Interpolated SQL queries via quasiquotation
-
nixos-unstable -
- nixpkgs-unstable 0.1.1.0
pkgs.python312Packages.django-postgresql-netfields
Django PostgreSQL netfields implementation
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.python313Packages.django-postgresql-netfields
Django PostgreSQL netfields implementation
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.chickenPackages_5.chickenEggs.awful-postgresql
Postgresql support for awful
-
nixos-unstable -
- nixpkgs-unstable 0.7.0
pkgs.haskellPackages.postgresql-migration-persistent
A PostgreSQL persistent schema migration utility
-
nixos-unstable -
- nixpkgs-unstable 1.1.0
pkgs.haskellPackages.postgresql-placeholder-converter
Converter for question mark style and dollar sign style of PostgreSQL SQL
-
nixos-unstable -
- nixpkgs-unstable 0.2.0.0
pkgs.tests.pkg-config.defaultPkgConfigPackages.libecpg
Test whether postgresql-17.6 exposes pkg-config modules libecpg
pkgs.tests.pkg-config.defaultPkgConfigPackages.libpgtypes
Test whether postgresql-17.6 exposes pkg-config modules libpgtypes
pkgs.python312Packages.azure-mgmt-postgresqlflexibleservers
Microsoft Azure Postgresqlflexibleservers Management Client Library for Python
-
nixos-unstable -
- nixpkgs-unstable 1.1.0
pkgs.python313Packages.azure-mgmt-postgresqlflexibleservers
Microsoft Azure Postgresqlflexibleservers Management Client Library for Python
-
nixos-unstable -
- nixpkgs-unstable 1.1.0
pkgs.tests.pkg-config.defaultPkgConfigPackages.libecpg_compat
Test whether postgresql-17.6 exposes pkg-config modules libecpg_compat
-
nixos-unstable -
- nixpkgs-unstable 0.2.0.0
Package maintainers
-
@alexfmpe Alexandre Esteves <alexandre.fmp.esteves@gmail.com>
-
@maralorn maralorn <mail@maralorn.de>
-
@wolfgangwalther Wolfgang Walther <walther@technowledgy.de>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@thoughtpolice Austin Seipp <aseipp@pobox.com>
-
@frlan Frank Lanitz <frank@frank.uvena.de>
-
@leona-ya Leona Maroni <nix@leona.is>
-
@osnyx Oliver Schmidt <os@flyingcircus.io>
-
@dpausp Tobias Stenzel <dpausp@posteo.de>
-
@ctheune Christian Theune <ct@flyingcircus.io>
-
@bcdarwin Ben Darwin <bcdarwin@gmail.com>
-
@nagy Daniel Nagy <danielnagy@posteo.de>
-
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
-
@hraban Hraban Luyat <hraban@0brg.net>
-
@lukego Luke Gorrie <luke@snabb.co>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@gador Florian Brandes <florian.brandes@posteo.de>