GHSA-8ch8-93q8-mhm3MediumCVSS 4.3

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to...

Published
June 30, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (1)

📋 Description

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash() function and collects (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later versions

🔗 References (3)