Description
Pgsync Contains Cleartext Transmission of Sensitive Information
pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-31671
- https://github.com/ankane/pgsync/issues/121
- https://github.com/ankane/pgsync/commit/05cd18f5fc09407e4b544f2c12f819cabc50c40e
- https://github.com/ankane/pgsync/blob/master/CHANGELOG.md#067-2021-04-26
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pgsync/CVE-2021-31671.yml
Packages
- Name: pgsync (rubygems)
- Affected versions: < 0.6.7
- Fixed version: 0.6.7
Related vulnerabilities
CVSS3: 7.5
nvd
almost 5 years ago