{"containers": {"cna": {"affected": [{"product": "pglogical", "vendor": "n/a", "versions": [{"status": "affected", "version": "pglogical 2.3.4, pglogical 3.6.26"}]}], "descriptions": [{"lang": "en", "value": "A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription()."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-01T13:31:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3515", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pglogical", "version": {"version_data": [{"version_value": "pglogical 2.3.4, pglogical 3.6.26"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription()."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-77"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.757Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3515", "datePublished": "2021-06-01T13:31:40", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-03T16:53:17.757Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:2ndquadrant:pglogical:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F37C4E9-C7E9-45E3-A2D0-FFD701E436A8", "versionEndExcluding": "2.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:2ndquadrant:pglogical:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EF26082-DF09-4360-8DE9-951C066C93CF", "versionEndExcluding": "3.6.26", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription()."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de inyecci\u00f3n shell en pglogical en versiones anteriores a 2.3.4 y versiones anteriores a 3.6.26. Un atacante con privilegios CREATEDB en un servidor PostgreSQL puede dise\u00f1ar un nombre de base de datos que permita una ejecuci\u00f3n de comandos de shell como usuario de postgresql cuando se llama a la funci\u00f3n pglogical.create_subscription()"}], "id": "CVE-2021-3515", "lastModified": "2022-10-07T20:46:13.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-01T14:15:10.337", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Pedro Gallegos for reporting this issue.", "bugzilla": {"description": "pglogical: Shell injection by pglogical users with CREATEDB access", "id": "1954112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-77", "details": ["A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().", "A shell injection flaw was found in pglogical, logical replication extension for PostgreSQL. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription()."], "name": "CVE-2021-3515", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "rh-postgresql95-postgresql-pglogical", "product_name": "CloudForms Management Engine 5"}], "public_date": "2021-05-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3515\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3515"], "threat_severity": "Moderate", "upstream_fix": "pglogical 2.3.4, pglogical 3.6.26"}