It was discovered that a late privilege drop in the “REFRESH MATERIALIZED
VIEW CONCURRENTLY” command could allow an attacker to trick a user with
higher privileges to run SQL commands with these permissions.

https://security-tracker.debian.org/tracker/DSA-5623-1

Read More