Vulnerabilities > Pgbouncer > Pgbouncer > 1.5.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-23 | CVE-2021-3672 | Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. | 5.6 |
| 2021-11-22 | CVE-2021-3935 | Improper Certificate Validation vulnerability in multiple products When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. | 8.1 |