PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-39417
IN THE EXTENSION SCRIPT a SQL Injection vulnerability was found in PostgreSQL if it uses extowner extschema or extschema:... inside a quoting construct (dollar quoting 3939 or quotquot). If an administrator has installed files of a vulnerable trusted non-bundled extension an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.