GHSA-72rj-36qc-47g7

Suggest an improvement
Source
https://github.com/advisories/GHSA-72rj-36qc-47g7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-72rj-36qc-47g7/GHSA-72rj-36qc-47g7.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-72rj-36qc-47g7
Aliases
Published
2021-04-27T15:54:52Z
Modified
2023-11-01T04:55:20.914670Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Pgsync Contains Cleartext Transmission of Sensitive Information
Details

pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.

Database specific
{
    "nvd_published_at": "2021-04-27T03:15:00Z",
    "cwe_ids": [
        "CWE-319"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-27T15:54:16Z"
}
References

Affected packages

RubyGems / pgsync

Package

Name
pgsync
Purl
pkg:gem/pgsync

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.7

Affected versions

0.*

0.1.0
0.1.1
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.4.0
0.4.1
0.4.2
0.4.3
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6