pkg:Maven/org.postgresql:postgresql

All known vulnerabilities

• CRITICAL10.0CVE-2024-1597pgjdbc SQL Injection via line comment generation
  from 0, < 42.2.28
• CRITICAL10.0CVE-2024-1597pgjdbc SQL Injection via line comment generation
  >= 42.7.0, < 42.7.2
• CRITICAL9.8CVE-2022-26520Path traversal in org.postgresql:postgresql
  >= 42.1.0, < 42.3.3
• CRITICAL9.8Path traversal in org.postgresql:postgresql
  >= 42.1.0, < 42.3.3
• HIGH8.2pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
  >= 42.7.4, < 42.7.7
• HIGH7.7Improper Restriction of XML External Entity Reference
  >= 9.4.1212.jre6, < 42.2.13
• HIGH7.5pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
  >= 42.2.0, < 42.7.11
• HIGH7.1SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc
  from 0, < 42.2.26
• HIGH7.0Unchecked Class Instantiation when providing Plugin Classes
  >= 9.4.1208, < 42.2.25
• MEDIUM4.7TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc
  >= 42.2.0, < 42.2.27
• —Unescaped parameters in the PostgreSQL JDBC driver
  from 0, < 8.2