Описание
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | quarkus-jdbc-postgresql | Not affected | ||
| Red Hat Fuse 7 | quarkus-jdbc-postgresql-deployment | Not affected | ||
| Red Hat Integration Camel K 1 | jdbc-postgresql | Affected | ||
| Red Hat Integration Camel K 1 | quarkus-jdbc-postgresql | Not affected | ||
| Red Hat Integration Camel K 1 | quarkus-jdbc-postgresql-deployment | Not affected | ||
| Red Hat JBoss Fuse 6 | jdbc-postgresql | Not affected | ||
| Red Hat AMQ Online 1.5.2 GA | jdbc-postgresql | Fixed | RHSA-2020:3209 | 29.07.2020 |
| Red Hat build of Quarkus 1.3.4 SP1 | quarkus-jdbc-postgresql | Fixed | RHSA-2020:3248 | 30.07.2020 |
| Red Hat build of Quarkus 1.3.4 SP1 | quarkus-jdbc-postgresql-deployment | Fixed | RHSA-2020:3248 | 30.07.2020 |
| Red Hat Decision Manager 7 | jdbc-postgresql | Fixed | RHSA-2020:3675 | 08.09.2020 |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=1852985postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
EPSS
Процентиль: 85%
0.02469
Низкий
7.7 High
CVSS3
Связанные уязвимости
EPSS
Процентиль: 85%
0.02469
Низкий
7.7 High
CVSS3