pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.
References
Link | Resource |
---|---|
https://github.com/ankane/pgsync/issues/121 | Exploit Issue Tracking Third Party Advisory |
https://github.com/ankane/pgsync/issues/121 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 06:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/ankane/pgsync/issues/121 - Exploit, Issue Tracking, Third Party Advisory |
Information
Published : 2021-04-27 03:15
Updated : 2024-11-21 06:06
NVD link : CVE-2021-31671
Mitre link : CVE-2021-31671
CVE.ORG link : CVE-2021-31671
JSON object : View
Products Affected
pgsync_project
- pgsync
CWE
CWE-319
Cleartext Transmission of Sensitive Information