13 matches found
CVE-2023-31136
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...
EUVD-2023-1513
Malicious code in bioql PyPI...
GHSA-9CFH-VX93-84VV PostgresNIO processes unencrypted bytes from man-in-the-middle
Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...
PostgresNIO processes unencrypted bytes from man-in-the-middle
Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...
PostgresNIO processes unencrypted bytes from man-in-the-middle
Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim from...
CVE-2023-31136
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...
Code injection
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...
CVE-2023-31136 PostgresNIO processes unencrypted bytes from man-in-the-middle
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...
CVE-2023-31136 PostgresNIO processes unencrypted bytes from man-in-the-middle
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...
CVE-2023-31136 PostgresNIO processes unencrypted bytes from man-in-the-middle
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...
CVE-2023-31136
The CVE-2023-31136 entry concerns PostgresNIO prior to 1.14.2, where a MITM attacker could inject false responses to initial queries over TLS. The connected documents reinforce that the core issue is a MITM-like behavior when establishing a TLS-enabled PostgreSQL connection; PostgresNIO fixes beg...
PT-2023-23170 · Unknown · Postgresnio
Name of the Vulnerable Software and Affected Versions: PostgresNIO versions prior to 1.14.2 Description: The issue affects users of PostgresNIO who connect to servers with TLS enabled, allowing a man-in-the-middle attacker to inject false responses to the client's first few queries despite the us...
PostgresNIO 安全漏洞
PostgresNIO is a Swift client for PostgreSQL. A security vulnerability exists in PostgresNIO versions prior to 1.14.2. An attacker exploited the vulnerability to perform a man-in-the-middle attack...