A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Related CVEs

CVE-2023-39418

Key Information

GHSA ID

GHSA-chgx-7cw3-hr55

Published

August 11, 2023 3:30 PM

Last Modified

February 16, 2024 3:30 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 13, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.