CVE-2021-31671

Published 15 days ago
Category: Input Validation
Source: GitHub
Severity: Moderate

Vulnerability in pgsync

pgsync drops connection parameters when syncing the schema with the --schema-first and --schema-only options. Some of these parameters may affect security. For instance, if sslmode is dropped, the connection may not use SSL. The first connection parameter is not affected.

An example where sslmode is dropped (connect_timeout is not affected):

from: postgres://user:pass@host/dbname?connect_timeout=10&sslmode=require

This applies to both the to and from connections.
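A configuration audit for the condition described above, as an added example (not pgsync's own code). It flags transport-security parameters that sit after the first position in a `to` or `from` URL when the installed version is below 0.6.7. The names `at_risk_params` and `audit`, the contents of `SECURITY_PARAMS`, and the sample URLs are this example's own, and it treats every parameter after the first as at risk.

```ruby
require "uri"

# libpq connection keywords that influence transport security. Which ones
# to treat as security-relevant is this example's choice, not the advisory's.
SECURITY_PARAMS = %w[sslmode sslrootcert sslcert sslkey sslcrl
                     channel_binding gssencmode].freeze
PATCHED = Gem::Version.new("0.6.7") # patched version stated in the advisory

# Returns the security-relevant parameters located after the first query
# parameter, i.e. the ones that can be lost during --schema-first and
# --schema-only (the advisory says the first parameter is not affected).
def at_risk_params(url)
  query = URI.parse(url).query
  return [] if query.nil? || query.empty?

  names = URI.decode_www_form(query).map(&:first)
  names.drop(1).select { |name| SECURITY_PARAMS.include?(name) }
end

# connections: { "from" => url, "to" => url }. Returns a hash of
# connection name => at-risk parameters; empty when pgsync is patched.
def audit(connections, pgsync_version)
  return {} if Gem::Version.new(pgsync_version) >= PATCHED

  connections.each_with_object({}) do |(name, url), findings|
    dropped = at_risk_params(url)
    findings[name] = dropped unless dropped.empty?
  end
end

# Constructed sample values; "from" is the URL shape used in the advisory.
SAMPLE = {
  "from" => "postgres://user:pass@host/dbname?connect_timeout=10&sslmode=require",
  "to"   => "postgres://user:pass@host/dbname?sslmode=verify-full"
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE, "0.6.6").each do |name, params|
    puts "#{name}: #{params.join(', ')} may be dropped during schema sync"
  end
end
```

Upgrading to 0.6.7 or later is the fix; reordering parameters only protects whichever one is placed first.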

CVSS Metrics

Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a

Patched Versions

>= 0.6.7

Unaffected Versions

n/a

References

n/a