{"url":"http://public2.vulnerablecode.io/api/packages/80545?format=json","purl":"pkg:gem/pgsync@0.6.7","type":"gem","namespace":"","name":"pgsync","version":"0.6.7","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51628?format=json","vulnerability_id":"VCID-9vzu-jxpm-hydw","summary":"Connection security vulnerability with schema sync\npgsync drops connection parameters when syncing the schema with the\n--schema-first and --schema-only options. Some of these parameters may\naffect security. For instance, if sslmode is dropped, the connection\nmay not use SSL. The first connection parameter is not affected.\n\npgsync drops connection parameters when syncing the schema with the\n`--schema-first` and `--schema-only` options. Some of these parameters\nmay affect security. For instance, if `sslmode` is dropped, the\nconnection may not use SSL. The first connection parameter is not affected.\n\nAn example where `sslmode` is dropped (`connect_timeout` is not affected):\n\n```yaml\nfrom: postgres://user:pass@host/dbname?connect_timeout=10&sslmode=require\n```\n\nThis applies to both the `to` and `from` connections.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31671","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38512","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31671"},{"reference_url":"https://github.com/ankane/pgsync/blob/master/CHANGELOG.md#067-2021-04-26","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ankane/pgsync/blob/master/CHANGELOG.md#067-2021-04-26"},{"reference_url":"https://github.com/ankane/pgsync/commit/05cd18f5fc09407e4b544f2c12f819cabc50c40e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ankane/pgsync/commit/05cd18f5fc09407e4b544f2c12f819cabc50c40e"},{"reference_url":"https://github.com/ankane/pgsync/issues/121","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ankane/pgsync/issues/121"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pgsync/CVE-2021-31671.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pgsync/CVE-2021-31671.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31671","reference_id":"CVE-2021-31671","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31671"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80545?format=json","purl":"pkg:gem/pgsync@0.6.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/pgsync@0.6.7"}],"aliases":["CVE-2021-31671","GHSA-72rj-36qc-47g7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzu-jxpm-hydw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/pgsync@0.6.7"}