CVE-2021-3935

Severity: Medium
Remote: Yes
Type: Man-in-the-middle
A security issue has been found in PgBouncer before version 1.16.1. A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if PgBouncer did not demand any authentication data. (However, a PgBouncer setup relying on SSL certificate authentication might well not do so.)
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2578 | pgbouncer | 1.16.0-1 | 1.16.1-1 | Medium | Fixed | |
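
The check that closes this class of issue, as an added example (not PgBouncer's own code): before starting the TLS handshake, the server confirms that nothing but the PostgreSQL SSLRequest message sits in its cleartext receive buffer. It assumes the injected data arrives in the same buffer as the SSLRequest; `check_pre_tls_buffer`, the verdict enum and the sample buffers are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SSL_REQUEST_LEN  8u
#define SSL_REQUEST_CODE 80877103u /* (1234 << 16) | 5679 in the PostgreSQL protocol */

enum pre_tls_verdict {
    PRE_TLS_NEED_MORE,    /* fewer than 8 bytes received so far */
    PRE_TLS_NOT_SSLREQ,   /* first message is not an SSLRequest */
    PRE_TLS_START_TLS,    /* SSLRequest alone in the buffer: handshake may begin */
    PRE_TLS_REJECT_EXTRA  /* cleartext follows the SSLRequest: close the connection */
};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: buf/len is everything read from the socket in cleartext so far. */
enum pre_tls_verdict check_pre_tls_buffer(const unsigned char *buf, size_t len)
{
    if (len < SSL_REQUEST_LEN)
        return PRE_TLS_NEED_MORE;
    if (be32(buf) != SSL_REQUEST_LEN || be32(buf + 4) != SSL_REQUEST_CODE)
        return PRE_TLS_NOT_SSLREQ;
    /* Leftover bytes were never encrypted; they must not be carried into the TLS session. */
    if (len > SSL_REQUEST_LEN)
        return PRE_TLS_REJECT_EXTRA;
    return PRE_TLS_START_TLS;
}

/* Constructed sample inputs: a lone SSLRequest, and one with four placeholder bytes appended. */
static const unsigned char SAMPLE_CLEAN[8] = {0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f};
static const unsigned char SAMPLE_TRAILING[12] = {0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f,
                                                  'X', 'X', 'X', 'X'};

int main(void)
{
    printf("clean:    %d\n", (int)check_pre_tls_buffer(SAMPLE_CLEAN, sizeof SAMPLE_CLEAN));
    printf("trailing: %d\n", (int)check_pre_tls_buffer(SAMPLE_TRAILING, sizeof SAMPLE_TRAILING));
    return 0;
}
```

A server that skips the length comparison would keep the trailing bytes buffered and parse them as the first message of the encrypted session, which is the behaviour the advisory describes.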