2 matches found
pgjdbc Arbitrary File Write Vulnerability
Overview: The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...
PT-2022-7464 · Apache +3 · Apache Tomcat +3
Name of the Vulnerable Software and Affected Versions: pgjdbc versions prior to 42.3.3
Description: The issue is related to the creation of arbitrary files through the loggerFile and loggerLevel connection properties in the pgjdbc driver. An attacker who controls the jdbc URL or properties can ca...