← Back

Pglogical

pglogical

Vendor: 2ndquadrant • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-3515
12ndquadrant
1Pglogical
Nov 21, 2024
Jun 1, 2021
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as t...Show more
A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().Show less