4 matches found
CVE-2022-31197
PgJDBC (PostgreSQL JDBC Driver) is affected by CVE-2022-31197 due to the java.sql.ResultRow.refreshRow() not escaping column names, enabling SQL injection when a column name contains a terminator like ;. Attack requires tricking a user into running SQL against a table with malicious column names ...
CVE-2025-49146
CVE-2025-49146 affects the PostgreSQL JDBC driver (pgjdbc). From 42.7.4 through 42.7.7, when channel binding is set to required, connections could proceed using non-SASL authentication methods (e.g., password, MD5, GSS, SSPI), enabling MITM interception. The issue is fixed in 42.7.7. Affected con...
CVE-2018-10936
CVE-2018-10936 affects the PostgreSQL JDBC driver prior to 42.2.5. If an SSL Factory is provided and no host name verifier is configured, the driver might skip host name verification, enabling a MITM attacker to impersonate a trusted server with a CA-signed certificate. The risk is constrained to...
CVE-2026-54291
CVE-2026-54291 affects pgjdbc (OpenJDK PostgreSQL JDBC Driver) in versions 42.7.4–42.7.11. The issue allows a silent downgrade of channelBinding from SCRAM-SHA-256-PLUS to plain SCRAM-SHA-256 when an attacker can intercept TLS and presents a certificate whose signature algorithm lacks a tls-serve...