This is not a security vulnerability in the product. It is behaving exactly as intended. It may be misconfigured in some deployments, but it's not a product vulnerability.
Sonatype Nexus Audior is reporting the following Threat level 9 vulnerability on Postgres
Vulnerability
Issue CVE-2019-9193 Severity Sonatype CVSS 3.0: 9.8 Weakness Sonatype CWE: 94 Source National Vulnerability Database Categories Data
Description
Description from CVE In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS.