Skip to main content

Pg Partman

1 CVEs product

Monthly

CVE-2021-33204 CRITICAL PATCH Act Now

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PostgreSQL Pg Partman
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PostgreSQL Pg Partman
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy