VDB

GCVE-110-MAGEIA-2021-121

GCVE-110-MAGEIA-2021-121
Advisory Published
Vulnetix · Advisory published March 12, 2021
A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message (CVE-2021-3393). A user having a SELECT privilege on an individual column can craft a special query that returns all columns of the table. Additionally, a stored view that uses column-level privileges will have incomplete column-usage bitmaps. In installations that depend on column-level permissions for security, it is recommended to execute CREATE OR REPLACE on all user-defined views to force them to be re-parsed (CVE-2021-20229). PostgreSQL 11 was only affected by CVE-2021-3393 and both PostgreSQL 11 and 13 were affected by CVE-2021-20229. PostgreSQL 9.6 was updated to fix bugs.

Affected Products

VendorProductVersionsPlatforms
Mageiapostgresql130 (affected), 13.2-1.mga8 (unaffected), 13.2-1.mga8 (unaffected), 0 (affected)
Mageiajson-glib0 (affected), 1.6.2-1.mga8 (unaffected)
Mageiapostgresql9.60 (affected), 0 (affected), 9.6.21-1.mga7 (unaffected), 9.6.21-1.mga7 (unaffected)
Mageiapostgresql110 (affected), 11.11-1.mga8 (unaffected), 0 (affected), 11.11-1.mga8 (unaffected)
Mageiapostgresql110 (affected), 11.11-1.mga7 (unaffected), 0 (affected), 11.11-1.mga7 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›