CVE-2021-31671

Cleartext Transmission of Sensitive Information in gem/pgsync

Identifier

CVE-2021-31671

Package Slug

gem/pgsync

Vulnerability

Cleartext Transmission of Sensitive Information

Description

pgsync Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.

Affected Versions

All versions before 0.6.7

Solution

Upgrade to version 0.6.7 or above.

Last Modified

2021-05-04

source