VYPR

pgjdbc

by pgjdbc

CVEs (5)

  • CVE-2022-26520 | Cri | Mar 10, 2022
    risk 0.64 | cvss 9.8 | epss 0.03

    In pgjdbc before 42.3.3, an attacker (who controls the JDBC URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP…

  • CVE-2024-1597 | Cri | Feb 19, 2024
    risk 0.58 | cvss 10.0 | epss 0.05

    pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second…

  • CVE-2025-49146 | Hig | Jun 11, 2025
    risk 0.46 | cvss 8.2 | epss 0.00

    pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that…

  • CVE-2022-31197 | Hig | Aug 3, 2022
    risk 0.39 | cvss 7.1 | epss 0.02

    PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PgJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious…

  • CVE-2022-41946 | Med | Nov 23, 2022
    risk 0.24 | cvss 4.7 | epss 0.00

    pgjdbc is an open source PostgreSQL JDBC driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will…