CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
Vulnerability in implementation of PreparedStatement.setText() or PreparedStatement.setBytea() methods of JDBC driver
(PgJDBC) methods for connecting Java programs to a PostgreSQL database is related to unsafe temporary
files. Exploitation of the vulnerability could allow an attacker to disclose protected information
Vulnerability of JDBC driver pgjdbc for connecting Java programs to PostgreSQL database is related to
failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an attacker,
acting remotely, execute arbitrary code by sending a specially crafted SQL query.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | postgresql-jdbc | < 42.2.29-1 | UNKNOWN |