### [CVE-2021-20229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20229)
![](https://img.shields.io/static/v1?label=Product&message=PostgreSQL&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=postgresql%2013.2%2C%20postgresql%2012.6%2C%20postgresql%2011.11%2C%20postgresql%2010.16%2C%20postgresql%209.6.21%2C%20postgresql%209.5.25%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863&color=brightgreen)

### Description

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/pedr0alencar/vlab-metasploitable2