Pgsync · Pgsync · CVE-2021-31671
**Name of the Vulnerable Software and Affected Versions**
pgsync versions prior to 0.6.7
**Description**
The issue concerns the mishandling of syncing the schema with the `--schema-first` and `--schema-only` options, leading to information disclosure of sensitive information. For example, the `sslmode` connection parameter may be lost, resulting in SSL not being used.
**Recommendations**
For versions prior to 0.6.7, update to version 0.6.7 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `--schema-first` and `--schema-only` options until a patch is applied. Restrict access to sensitive information to minimize the risk of exploitation.