High severityNVD Advisory· Published Jun 4, 2020· Updated Aug 4, 2024
CVE-2020-13692
CVE-2020-13692
Description
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.postgresql:postgresqlMaven | >= 9.4.1212.jre6, < 42.2.13 | 42.2.13 |
Affected products
94- PostgreSQL/PostgreSQL JDBC Driverdescription
- osv-coords93 versionspkg:apk/chainguard/mariadb-10.11pkg:apk/chainguard/mariadb-10.11-backuppkg:apk/chainguard/mariadb-10.11-benchpkg:apk/chainguard/mariadb-10.11-clientpkg:apk/chainguard/mariadb-10.11-devpkg:apk/chainguard/mariadb-10.11-docpkg:apk/chainguard/mariadb-10.11-embeddedpkg:apk/chainguard/mariadb-10.11-oci-entrypointpkg:apk/chainguard/mariadb-10.6pkg:apk/chainguard/mariadb-10.6-backuppkg:apk/chainguard/mariadb-10.6-benchpkg:apk/chainguard/mariadb-10.6-clientpkg:apk/chainguard/mariadb-10.6-devpkg:apk/chainguard/mariadb-10.6-docpkg:apk/chainguard/mariadb-10.6-embeddedpkg:apk/chainguard/mariadb-10.6-oci-entrypointpkg:apk/chainguard/mariadb-11.2pkg:apk/chainguard/mariadb-11.2-backuppkg:apk/chainguard/mariadb-11.2-benchpkg:apk/chainguard/mariadb-11.2-clientpkg:apk/chainguard/mariadb-11.2-devpkg:apk/chainguard/mariadb-11.2-docpkg:apk/chainguard/mariadb-11.2-embeddedpkg:apk/chainguard/mariadb-11.2-oci-entrypointpkg:apk/chainguard/mariadb-11.2-testpkg:apk/wolfi/mariadb-10.11pkg:apk/wolfi/mariadb-10.11-backuppkg:apk/wolfi/mariadb-10.11-benchpkg:apk/wolfi/mariadb-10.11-clientpkg:apk/wolfi/mariadb-10.11-devpkg:apk/wolfi/mariadb-10.11-docpkg:apk/wolfi/mariadb-10.11-embeddedpkg:apk/wolfi/mariadb-10.11-oci-entrypointpkg:apk/wolfi/mariadb-10.6pkg:apk/wolfi/mariadb-10.6-backuppkg:apk/wolfi/mariadb-10.6-benchpkg:apk/wolfi/mariadb-10.6-clientpkg:apk/wolfi/mariadb-10.6-devpkg:apk/wolfi/mariadb-10.6-docpkg:apk/wolfi/mariadb-10.6-embeddedpkg:apk/wolfi/mariadb-10.6-oci-entrypointpkg:apk/wolfi/mariadb-11.2pkg:apk/wolfi/mariadb-11.2-backuppkg:apk/wolfi/mariadb-11.2-benchpkg:apk/wolfi/mariadb-11.2-clientpkg:apk/wolfi/mariadb-11.2-devpkg:apk/wolfi/mariadb-11.2-docpkg:apk/wolfi/mariadb-11.2-embeddedpkg:apk/wolfi/mariadb-11.2-oci-entrypointpkg:apk/wolfi/mariadb-11.2-testpkg:bitnami/postgresql-jdbc-driverpkg:maven/org.postgresql/postgresqlpkg:rpm/almalinux/postgresql-jdbcpkg:rpm/almalinux/postgresql-jdbc-javadocpkg:rpm/suse/bind-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/image-sync-formula&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/mgr-libmod&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/postgresql-jdbc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/postgresql-jdbc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/postgresql-jdbc&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/postgresql-jdbc&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/prometheus-exporters-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/prometheus-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/python-susemanager-retail&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/saltboot-formula&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/salt-netapi-client&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-search&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-setup&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/supportutils-plugin-susemanager&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-frontend-libs&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/uyuni-cluster-provider-caasp&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/yomi-formula&distro=SUSE%20Manager%20Server%20Module%204.1
< 10.11.14-r0+ 92 more
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.11.14-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 10.6.23-r0
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 11.2.3-r2
- (no CPE)range: < 42.2.13
- (no CPE)range: >= 9.4.1212.jre6, < 42.2.13
- (no CPE)range: < 42.2.3-3.el8_2
- (no CPE)range: < 42.2.3-3.el8_2
- (no CPE)range: < 0.1.1603299886.60e4bcf-3.11.1
- (no CPE)range: < 0.2.2-4.13.1
- (no CPE)range: < 0.1.1605087464.65d1b51-3.9.5
- (no CPE)range: < 4.1.5-3.8.2
- (no CPE)range: < 9.4-3.3.1
- (no CPE)range: < 9.4-3.3.1
- (no CPE)range: < 42.2.10-3.3.1
- (no CPE)range: < 42.2.10-3.3.5
- (no CPE)range: < 0.7.5-3.16.1
- (no CPE)range: < 0.2.3-4.16.1
- (no CPE)range: < 1.0.1605087464.65d1b51-3.6.5
- (no CPE)range: < 0.1.1605087464.65d1b51-3.9.5
- (no CPE)range: < 0.18.0-4.12.1
- (no CPE)range: < 4.1.9-4.12.5
- (no CPE)range: < 4.0.12-3.15.1
- (no CPE)range: < 4.1.8-3.9.5
- (no CPE)range: < 4.0.35-3.38.1
- (no CPE)range: < 4.1.18-4.14.6
- (no CPE)range: < 4.1.14-3.9.5
- (no CPE)range: < 4.1.8-4.9.5
- (no CPE)range: < 4.0.40-3.48.2
- (no CPE)range: < 4.1.24-3.19.6
- (no CPE)range: < 4.1.4-3.6.6
- (no CPE)range: < 4.1.7-3.6.5
- (no CPE)range: < 4.0.25-3.36.1
- (no CPE)range: < 4.1.21-3.12.5
- (no CPE)range: < 4.1.4-3.3.5
- (no CPE)range: < 4.0.32-3.46.1
- (no CPE)range: < 4.1.22-3.14.6
- (no CPE)range: < 4.1-11.20.5
- (no CPE)range: < 4.1-11.20.5
- (no CPE)range: < 4.1.1-3.6.5
- (no CPE)range: < 4.0.23-3.32.1
- (no CPE)range: < 4.1.17-3.16.2
- (no CPE)range: < 4.0.31-3.37.1
- (no CPE)range: < 4.1.18-3.16.5
- (no CPE)range: < 4.1.8-3.6.5
- (no CPE)range: < 4.1.3-3.3.5
- (no CPE)range: < 0.0.1+git.1604593202.a2c22bf-3.6.5
Patches
Vulnerability mechanics
References
27- github.com/advisories/GHSA-88cc-g835-76rpghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-13692ghsaADVISORY
- www.debian.org/security/2022/dsa-5196ghsavendor-advisoryx_refsource_DEBIANWEB
- github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65ghsax_refsource_CONFIRMWEB
- jdbc.postgresql.org/documentation/changelog.htmlghsax_refsource_CONFIRMWEB
- lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJCghsaWEB
- security.netapp.com/advisory/ntap-20200619-0005ghsaWEB
- security.netapp.com/advisory/ntap-20200619-0005/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.