CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-1597 – pgjdbc SQL Injection via line comment generation
https://notcve.org/view.php?id=CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. • http://www.openwall.com/lists/oss-security/2024/04/02/6 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56 https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU https://security.netapp.com/advisory/ntap-20240419-0008 https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes https://www.enterprisedb.com/docs/security/assessments/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: 8EXPL: 1CVE-2022-31197 – SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc
https://notcve.org/view.php?id=CVE-2022-31197
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. • https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2 https://lists.debian.org/debian-lts-announce/2022/10/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6WHUADTZBBQLVHO4YG4XCWDGWBT4LRP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTFE6SV33P5YYU2GNTQZQKQRVR3GYE4S https://access.redhat.com/security/cve/CVE-2022-31197 https://b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26520 – postgresql-jdbc: Arbitrary File Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-26520
In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties ** EN DISPUTA ** En pgjdbc versiones anteriores a 42.3.3, un atacante (que controla la URL o las propiedades de jdbc) puede llamar a java.util.logging.FileHandler para escribir en archivos arbitrarios mediante las propiedades de conexión loggerFile y loggerLevel. Una situación de ejemplo es que un atacante podría crear un archivo JSP ejecutable bajo una root web de Tomcat. NOTA: la posición del proveedor es que no se presenta una vulnerabilidad de pgjdbc; en cambio, es una vulnerabilidad para cualquier aplicación que use el controlador pgjdbc con propiedades de conexión no confiables A flaw was found in Postgres JDBC. • https://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8 https://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3 https://jdbc.postgresql.org/documentation/head/tomcat.html https://www.debian.org/security/2022/dsa-5196 https://access.redhat.com/security/cve/CVE-2022-26520 https://bugzilla.redhat.com/show_bug.cgi?id=2064007 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 2%CPEs: 8EXPL: 2CVE-2022-21724 – Unchecked Class Instantiation when providing Plugin Classes
https://notcve.org/view.php?id=CVE-2022-21724
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. • https://github.com/ToontjeM/CVE-2022-21724 https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4 https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS https://security.netapp.com/advisory/ntap-20220311-0005 https://www.debian.org/security/2022/dsa-5196 https://access.redhat.com&# • CWE-665: Improper Initialization •
CVSS: 7.7EPSS: 1%CPEs: 6EXPL: 0CVE-2020-13692 – postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
https://notcve.org/view.php?id=CVE-2020-13692
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. PostgreSQL JDBC Driver (también se conoce como PgJDBC) versiones anteriores a 42.2.13, permite un ataque de tipo XXE A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability. • https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65 https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13 https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/ • CWE-611: Improper Restriction of XML External Entity Reference •