PostgreSQL JDBC Driver is vulnerable to SQL injection. The vulnerability exists in the java.sql.ResultRow.RefreshRow
function because it does not properly escape column names, which allows a remote attacker to inject and execute malicious SQL code in the system.
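
The sketch below is an added example, not pgjdbc source code: it contrasts building a row-refresh `SELECT` from raw column names with building it from quoted identifiers. The class, the method names and the sample table and column names are hypothetical and constructed for illustration.

```java
import java.util.List;
import java.util.stream.Collectors;

// Added illustration; not pgjdbc source. All names here are hypothetical.
public class RefreshRowQuoting {

    // Quote a PostgreSQL identifier: wrap it in double quotes, double any
    // embedded double quote, and reject NUL, which identifiers cannot contain.
    static String quoteIdentifier(String name) {
        if (name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("NUL byte in identifier");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    // "Before": column names are concatenated into the statement as-is, so a
    // name containing SQL syntax changes the structure of the statement.
    static String buildUnquoted(String table, List<String> columns, String keyColumn) {
        return "SELECT " + String.join(", ", columns)
                + " FROM " + table + " WHERE " + keyColumn + " = ?";
    }

    // "After": every identifier is quoted; the key value stays a bind parameter.
    static String buildQuoted(String table, List<String> columns, String keyColumn) {
        String cols = columns.stream()
                .map(RefreshRowQuoting::quoteIdentifier)
                .collect(Collectors.joining(", "));
        return "SELECT " + cols + " FROM " + quoteIdentifier(table)
                + " WHERE " + quoteIdentifier(keyColumn) + " = ?";
    }

    public static void main(String[] args) {
        // Constructed sample: the second column name contains SQL syntax.
        List<String> columns = List.of("id", "note, now() AS extra");
        // Unquoted: the name is parsed as two select-list entries.
        System.out.println(buildUnquoted("orders", columns, "id"));
        // Quoted: the same name is a single (odd-looking) identifier.
        System.out.println(buildQuoted("orders", columns, "id"));
        // A name with an embedded double quote also stays one identifier.
        System.out.println(quoteIdentifier("odd\"name"));
    }
}
```

Bind parameters protect only values; identifiers such as column and table names have to be quoted separately, which is the gap this advisory describes.
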
github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637
github.com/pgjdbc/pgjdbc/commit/b5ee575b7d6e0918a58fe533f6c50b0c7e9f73c0
github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
lists.debian.org/debian-lts-announce/2022/10/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/I6WHUADTZBBQLVHO4YG4XCWDGWBT4LRP/
lists.fedoraproject.org/archives/list/[email protected]/message/UTFE6SV33P5YYU2GNTQZQKQRVR3GYE4S/