CNNVD-202602-1893 Information
CNNVD ID
CNNVD-202602-1893
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
PostgreSQL Anonymizer是法国DALIBO开源的一个用于屏蔽或替换 PostgreSQL 数据库中的个人身份信息 (PII) 或商业敏感数据的扩展软件。 PostgreSQL Anonymizer存在安全漏洞,该漏洞源于允许用户创建基于包含恶意代码函数的临时视图,可能导致在调用anon.get_tablesample_ratio函数时以超级用户权限执行恶意代码。
Description (English)
PostgreSQL Anonymizer is an extension of personal identity information (PII) or commercially sensitive data used to shield or replace the PostgreSQL database from the French DALIBO open source. PostgreSQL Anonymizer has a security loophole, which stems from allowing users to create temporary views based on the inclusion of a malicious code function, which may lead to the implementation of a malicious code using super-user privileges when calling the anon.get tablesample ratio function.
Vulnerability Type
其他
Affected Vendor
DALIBO
Published
2026-02-11
Last Modified
2026-02-24
References
https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617 https://access.redhat.com/security/cve/cve-2026-2361
Patch
https://gitlab.com/dalibo/postgresql_anonymizer/-/releases
Share on: