VYPR
High severity8.1NVD Advisory· Published Aug 30, 2018· Updated Jun 17, 2026

CVE-2018-10936

CVE-2018-10936

Description

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.postgresql:pgjdbc-aggregateMaven
< 42.2.542.2.5

Affected products

14

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.