apk package
chainguard/debezium-3.3-connector-jdbc
pkg:apk/chainguard/debezium-3.3-connector-jdbc
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42198 | Hig | 7.5 | < 3.3.2-r5 | 3.3.2-r5 | Apr 29, 2026 | pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very larg | |
| CVE-2026-27830 | Hig | — | < 3.3.2-r2 | 3.3.2-r2 | Feb 26, 2026 | c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually repre | |
| CVE-2026-27727 | — | < 3.3.2-r2 | 3.3.2-r2 | Feb 25, 2026 | mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attack |
- affected < 3.3.2-r5fixed 3.3.2-r5
pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very larg
- affected < 3.3.2-r2fixed 3.3.2-r2
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually repre
- CVE-2026-27727Feb 25, 2026affected < 3.3.2-r2fixed 3.3.2-r2
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attack