cvelist Redhat CVELIST:CVE-2021-3515
History: Jun 01, 2021 - 1:31 p.m.

CVE-2021-3515

2021-06-01 13:31:40
CWE-77
redhat
www.cve.org

EPSS: 0.0004 (Low), Percentile: 5.2%

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().

CNA Affected

[
  {
    "product": "pglogical",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "pglogical 2.3.4, pglogical 3.6.26"
      }
    ]
  }
]
