Critical Vulnerability Found in PostgreSQL PL/Perl
CVE-2024-10979: Critical Vulnerability Discovered in PostgreSQL PL/Perl. Researchers from Varonis identified a significant security flaw in PL/Perl, the Postgres trusted language extension. The flaw allows unprivileged database users to set arbitrary environment variables, potentially leading to arbitrary code execution. The vulnerability has been assigned a severity score of 8.8, and PostgreSQL users are urged to upgrade to the latest versions to mitigate the risk. Affected versions include those prior to PostgreSQL 17.1. Users are also advised to restrict extension permissions and review their function code for potential vulnerabilities. Further details and remediation strategies are available in the official PostgreSQL report.
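
The checks advised above (version, extension permissions, function code review) can be run as catalog queries in each database. This is an added example, not taken from the PostgreSQL report or from Varonis; the `%ENV` pattern match is a review heuristic assumed here, and the `REVOKE` is one possible restriction, left commented out.

```sql
-- Added example: audit queries for the PL/Perl exposure described above.
-- Run in every database of the cluster; extensions and functions are per-database.

-- 1. Server version. The page lists releases prior to 17.1 as affected.
SELECT current_setting('server_version')          AS server_version,
       current_setting('server_version_num')::int AS server_version_num;

-- 2. Is PL/Perl installed here, and who owns the extension?
SELECT e.extname, e.extversion, r.rolname AS extension_owner
FROM pg_extension e
JOIN pg_roles r ON r.oid = e.extowner
WHERE e.extname = 'plperl';

-- 3. Roles that can create functions in the trusted language.
--    Trusted languages grant USAGE to PUBLIC by default, so expect
--    every role here unless the privilege has been revoked.
SELECT r.rolname, r.rolsuper
FROM pg_language l
CROSS JOIN pg_roles r
WHERE l.lanname = 'plperl'
  AND has_language_privilege(r.oid, l.oid, 'USAGE')
ORDER BY r.rolname;

-- 4. Existing PL/Perl functions to review. touches_env is a heuristic
--    (assumption): it flags source text that mentions %ENV or $ENV{...}.
SELECT n.nspname                   AS schema,
       p.proname                   AS function,
       pg_get_userbyid(p.proowner) AS owner,
       p.prosecdef                 AS security_definer,
       p.prosrc ~ '[%$]ENV'        AS touches_env
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanname = 'plperl'
ORDER BY touches_env DESC, n.nspname, p.proname;

-- 5. One way to restrict who may write PL/Perl code until the upgrade
--    is applied (uncomment after confirming no application depends on it).
-- REVOKE USAGE ON LANGUAGE plperl FROM PUBLIC;
```

Queries 1 through 4 are read-only. An empty result from query 2 means PL/Perl is not installed in that database, and queries 3 and 4 will return no rows.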