apk package
wolfi/debezium-3.4-connector-jdbc
pkg:apk/wolfi/debezium-3.4-connector-jdbc
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42198 | Hig | 7.5 | < 3.4.3-r4 | 3.4.3-r4 | Apr 29, 2026 | pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very larg | |
| CVE-2026-27830 | Hig | — | < 3.4.1-r1 | 3.4.1-r1 | Feb 26, 2026 | c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually repre | |
| CVE-2026-27727 | — | < 3.4.2-r0 | 3.4.2-r0 | Feb 25, 2026 | mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attack |
- affected < 3.4.3-r4fixed 3.4.3-r4
pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very larg
- affected < 3.4.1-r1fixed 3.4.1-r1
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually repre
- CVE-2026-27727Feb 25, 2026affected < 3.4.2-r0fixed 3.4.2-r0
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attack