Lucene search: Postgresql Jdbc Driver*

5 matches found

CVE | added 2022/02/02 11:48 a.m. | 801 views

CVE-2022-21724

CVE-2022-21724 affects the official PostgreSQL JDBC Driver (libpgjava) used by pgjdbc. The vulnerability stems from the driver instantiating plugin classes based on connection properties (authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback) without v...

CVSS 9.8 | AI score 8.4 | EPSS 0.03141
CVE | added 2020/06/04 3:7 p.m. | 632 views

CVE-2020-13692

CVE-2020-13692 affects the PostgreSQL JDBC Driver (PgJDBC) prior to v42.2.13, where an XML External Entity (XXE) weakness exists in the driver (libpgjava). Exploitation could lead to data exposure and potential impact on availability as summarized in the connected advisories. The Debian/AlmaLinux...

CVSS 7.7 | AI score 7.5 | EPSS 0.07801
CVE | added 2024/02/19 12:58 p.m. | 510 views

CVE-2024-1597

CVE-2024-1597 affects the PostgreSQL JDBC Driver (libpgjava) used with pgjdbc. The vulnerability exists when PreferQueryMode=SIMPLE is enabled (not the default); an attacker can inject SQL to alter queries. Affected versions include before 42.7.2, and older 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42....

CVSS 10 | AI score 9.8 | EPSS 0.0035
CVE | added 2022/08/03 12:0 a.m. | 463 views

CVE-2022-31197

The CVE-2022-31197 issue affects the PostgreSQL JDBC Driver (PgJDBC). The vulnerability lies in the PgJDBC implementation of java.sql.ResultRow.refreshRow(), which does not escape column names, allowing a malicious column name containing a statement terminator (e.g., “;”) to trigger SQL injection...

CVSS 8 | AI score 7.7 | EPSS 0.02462
In wild
CVE | added 2018/08/30 1:0 p.m. | 120 views

CVE-2018-10936

CVE-2018-10936 affects the PostgreSQL JDBC driver prior to 42.2.5. If an SSL Factory is provided and no host name verifier is configured, the driver might skip host name verification, enabling a MITM attacker to impersonate a trusted server with a CA-signed certificate. The risk is constrained to...

CVSS 8.1 | AI score 7.6 | EPSS 0.00846