FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PG Partition Manager -- arbitrary code execution

Affected packages
pg_partman < 4.5.1

Details

VuXML ID: 58b22f3a-bc71-11eb-b9c9-6cc21735f730
Discovery: 2021-05-21
Entry: 2021-05-24

PG Partition Manager reports:

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.
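The following audit queries are an added example, not part of the advisory or of the pg_partman project. They check the installed extension version against the affected range above and list every SECURITY DEFINER function in the current database that has no function-level search_path setting. The function name in the final commented statement is hypothetical.

```sql
-- Added audit example; run in each database of the cluster.

-- 1. Installed pg_partman version (the advisory lists versions before 4.5.1 as affected).
SELECT extname, extversion
FROM pg_catalog.pg_extension
WHERE extname = 'pg_partman';

-- 2. SECURITY DEFINER functions with no function-level search_path.
--    pg_proc.proconfig stores per-function settings as 'name=value' strings;
--    a NULL or search_path-free array means the caller's search_path is used.
SELECT n.nspname AS schema_name,
       p.proname AS function_name,
       pg_catalog.pg_get_function_identity_arguments(p.oid) AS arguments,
       pg_catalog.pg_get_userbyid(p.proowner) AS runs_as,
       e.extname AS owning_extension      -- NULL if not installed by an extension
FROM pg_catalog.pg_proc AS p
JOIN pg_catalog.pg_namespace AS n ON n.oid = p.pronamespace
LEFT JOIN pg_catalog.pg_depend AS d
       ON d.classid = 'pg_catalog.pg_proc'::regclass
      AND d.objid = p.oid
      AND d.deptype = 'e'                  -- extension membership
LEFT JOIN pg_catalog.pg_extension AS e
       ON d.refclassid = 'pg_catalog.pg_extension'::regclass
      AND e.oid = d.refobjid
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM pg_catalog.unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg(setting)
        WHERE pg_catalog.split_part(cfg.setting, '=', 1) = 'search_path'
      )
ORDER BY schema_name, function_name;

-- 3. General hardening for a flagged function you maintain yourself
--    (hypothetical name and signature; pg_temp is listed last on purpose):
-- ALTER FUNCTION app.rotate_partitions(text)
--     SET search_path = pg_catalog, pg_temp;
```

Rows whose owning_extension is pg_partman on a version before 4.5.1 correspond to the issue described here; rows from other sources deserve the same review.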

References

CVE Name: CVE-2021-33204
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-33204