{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T15:43:54.400","vulnerabilities":[{"cve":{"id":"CVE-2021-3515","sourceIdentifier":"secalert@redhat.com","published":"2021-06-01T14:15:10.337","lastModified":"2024-11-21T06:21:43.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription()."},{"lang":"es","value":"Se encontró un fallo de inyección shell en pglogical en versiones anteriores a  2.3.4 y versiones anteriores a 3.6.26. Un atacante con privilegios CREATEDB en un servidor PostgreSQL puede diseñar un nombre de base de datos que permita una ejecución de comandos de shell como usuario de postgresql cuando se llama a la función pglogical.create_subscription()"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:2ndquadrant:pglogical:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.4","matchCriteriaId":"8F37C4E9-C7E9-45E3-A2D0-FFD701E436A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:2ndquadrant:pglogical:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.6.26","matchCriteriaId":"3EF26082-DF09-4360-8DE9-951C066C93CF"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954112","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954112","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}}]}