VDB
GCVE-110-MAGEIA-2021-121
GCVE-110-MAGEIA-2021-121
Advisory Published
A user having an UPDATE privilege on a partitioned table but lacking the SELECT
privilege on some column may be able to acquire denied-column values from an
error message (CVE-2021-3393).
A user having a SELECT privilege on an individual column can craft a special
query that returns all columns of the table. Additionally, a stored view that
uses column-level privileges will have incomplete column-usage bitmaps. In
installations that depend on column-level permissions for security, it is
recommended to execute CREATE OR REPLACE on all user-defined views to force
them to be re-parsed (CVE-2021-20229).
PostgreSQL 11 was only affected by CVE-2021-3393 and both PostgreSQL 11 and 13
were affected by CVE-2021-20229. PostgreSQL 9.6 was updated to fix bugs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | postgresql13 | 0 (affected), 13.2-1.mga8 (unaffected), 13.2-1.mga8 (unaffected), 0 (affected) | — |
| Mageia | json-glib | 0 (affected), 1.6.2-1.mga8 (unaffected) | — |
| Mageia | postgresql9.6 | 0 (affected), 0 (affected), 9.6.21-1.mga7 (unaffected), 9.6.21-1.mga7 (unaffected) | — |
| Mageia | postgresql11 | 0 (affected), 11.11-1.mga8 (unaffected), 0 (affected), 11.11-1.mga8 (unaffected) | — |
| Mageia | postgresql11 | 0 (affected), 11.11-1.mga7 (unaffected), 0 (affected), 11.11-1.mga7 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.