CVE-2021-3515
N/A
N/A
Summary
A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | pglogical | pglogical 2.3.4, pglogical 3.6.26 | affected |
Weaknesses
- CWE-77: CWE-77
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.