Lucene search
+L

6 matches found

osv
osv
added 2021/06/01 2:15 p.m.18 views

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.createsubscription...

6.7CVSS7.2AI score
Exploits0References1
ubuntucve
ubuntucve
added 2021/06/01 2:15 p.m.22 views

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.createsubscription...

7.2CVSS6.8AI score0.0046EPSS
Exploits0References3
cve
cve
added 2021/06/01 1:31 p.m.78 views

CVE-2021-3515

CVE-2021-3515 corresponds to a shell-injection flaw in the pglogical extension for PostgreSQL. Affected versions are before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges can craft a database name that enables execution of shell commands as the postgresql user during pglogical.crea...

7.2CVSS6.7AI score0.0046EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2021/06/01 1:31 p.m.31 views

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.createsubscription...

7AI score0.0046EPSS
Exploits0References1
freebsd
freebsd
added 2021/06/01 12:0 a.m.27 views

pglogical -- shell command injection in pglogical.create_subscription()

2ndQuadrant reports: Fix pgdump/pgrestore execution CVE-2021-3515 Correctly escape the connection string for both pgdump and pgrestore so that exotic database and user names are handled correctly. Reported by Pedro Gallegos...

7.2CVSS1.4AI score0.0046EPSS
Exploits0References2
redhatcve
redhatcve
added 2021/05/19 12:25 a.m.37 views

CVE-2021-3515

A shell injection flaw was found in pglogical, logical replication extension for PostgreSQL. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.createsubscription...

7.5CVSS3.5AI score0.0046EPSS
Exploits0References3
Rows per page
Query Builder