CVSS3: 8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 26.4%

PostgreSQL JDBC Driver is vulnerable to SQL injection. The vulnerability exists in the java.sql.ResultRow.RefreshRow function, which does not properly escape column names, allowing a remote attacker to inject and execute malicious SQL code on the system.
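
The difference between pasting column names into a generated statement and quoting them as PostgreSQL identifiers, as an added example that is not pgjdbc's code. The class `RefreshQueryDemo`, its methods, and the table and column names are hypothetical, and the sample input is constructed.

```java
import java.util.List;
import java.util.stream.Collectors;

// Added illustration; class and method names are hypothetical, not pgjdbc's.
public class RefreshQueryDemo {

    // Weak form: column names are pasted into the statement text as-is,
    // so whatever a name contains becomes part of the SQL.
    static String unsafeSelect(String table, List<String> cols, String pk) {
        return "SELECT " + String.join(", ", cols)
                + " FROM " + table + " WHERE " + pk + " = ?";
    }

    // PostgreSQL quoted identifier: wrap in double quotes, double any embedded
    // double quote, and reject empty names and NUL, which are not allowed.
    static String quoteIdent(String name) {
        if (name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid identifier");
        }
        return '"' + name.replace("\"", "\"\"") + '"';
    }

    // Corrected form: every identifier is quoted; row values still go
    // through the '?' bind parameter, never through string concatenation.
    static String safeSelect(String table, List<String> cols, String pk) {
        String list = cols.stream().map(RefreshQueryDemo::quoteIdent)
                .collect(Collectors.joining(", "));
        return "SELECT " + list + " FROM " + quoteIdent(table)
                + " WHERE " + quoteIdent(pk) + " = ?";
    }

    public static void main(String[] args) {
        // Constructed sample: the second column name carries a statement
        // terminator and a comment marker.
        List<String> cols = List.of("id", "note; SELECT 1 --");
        // Unquoted, the name splits the text into two statements.
        System.out.println(unsafeSelect("items", cols, "id"));
        // Quoted, the same name is a single (odd-looking) identifier.
        System.out.println(safeSelect("items", cols, "id"));
        // An embedded double quote is doubled and cannot close the identifier.
        System.out.println(quoteIdent("we\"ird"));
    }
}
```
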
github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637
github.com/pgjdbc/pgjdbc/commit/b5ee575b7d6e0918a58fe533f6c50b0c7e9f73c0
github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
lists.debian.org/debian-lts-announce/2022/10/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/I6WHUADTZBBQLVHO4YG4XCWDGWBT4LRP/
lists.fedoraproject.org/archives/list/[email protected]/message/UTFE6SV33P5YYU2GNTQZQKQRVR3GYE4S/