On Thursday, January 7, 2021, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> wrote:
>
>
> The vulnerability is almost the same although it is a little bit harder to
> create attack strings.
>
Would making the function run as “security definer” and setting up a
minimal permissions user/owner help with mitigation?
David J.