"... An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity."

https://www.postgresql.org/support/security/CVE-2022-1552/

#security #infosec #postgresql