PT-2021-4285 · Unknown · Pg Partman

Tapioaiven

Published

2021-05-19

Updated

2021-09-07

CVE-2021-33204

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions pg partman versions prior to 4.5.1

Description The issue allows for arbitrary code execution via SECURITY DEFINER functions due to the lack of an explicit search path setting. This can potentially enable a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of SECURITY DEFINER functions until the update is applied.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2021-04893

CVE-2021-33204

Affected Products

Pg Partman

PT-2021-4285 · Unknown · Pg Partman

CVE-2021-33204

Weakness Enumeration

Related Identifiers

Affected Products

References · 11