FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PG Partition Manager -- arbitrary code execution

Affected packages
pg_partman < 4.5.1


VuXML ID 58b22f3a-bc71-11eb-b9c9-6cc21735f730
Discovery 2021-05-21
Entry 2021-05-24

PG Partition Manager reports:

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.


CVE Name CVE-2021-33204