postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
SQLi
PostgreSQL
Enterprise Linux
Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
5.1%