Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oODZ3LW01cm0teHIzM84AAfdY
Unescaped parameters in the PostgreSQL JDBC driver
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.
Permalink: https://github.com/advisories/GHSA-h86w-m5rm-xr33JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oODZ3LW01cm0teHIzM84AAfdY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-h86w-m5rm-xr33, CVE-2012-1618
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-1618
- https://bugzilla.novell.com/show_bug.cgi?id=754273
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0126.html
- http://lists.opensuse.org/opensuse-security/2012-03/msg00024.html
- http://www.openwall.com/lists/oss-security/2012/03/30/8
- http://www.openwall.com/lists/oss-security/2012/03/30/9
- http://www.openwall.com/lists/oss-security/2012/03/31/1
- http://www.openwall.com/lists/oss-security/2012/04/02/4
- http://www.openwall.com/lists/oss-security/2012/04/04/11
- http://www.openwall.com/lists/oss-security/2012/04/04/4
- http://www.openwall.com/lists/oss-security/2012/04/04/5
- http://www.openwall.com/lists/oss-security/2012/04/04/9
- http://www.osvdb.org/80641
- https://github.com/advisories/GHSA-h86w-m5rm-xr33
Affected Packages
maven:org.postgresql:postgresql
Dependent packages: 3,652Dependent repositories: 176,054
Downloads:
Affected Version Ranges: < 8.2
Fixed in: 8.2
All affected versions:
All unaffected versions: 9.4.1207, 9.4.1208, 9.4.1209, 9.4.1210, 9.4.1211, 9.4.1212, 42.0.0, 42.1.0, 42.1.1, 42.1.2, 42.1.3, 42.1.4, 42.2.0, 42.2.1, 42.2.2, 42.2.3, 42.2.4, 42.2.5, 42.2.6, 42.2.7, 42.2.8, 42.2.9, 42.2.10, 42.2.11, 42.2.12, 42.2.13, 42.2.14, 42.2.15, 42.2.16, 42.2.17, 42.2.18, 42.2.19, 42.2.20, 42.2.21, 42.2.22, 42.2.23, 42.2.24, 42.2.25, 42.2.26, 42.2.27, 42.2.28, 42.2.29, 42.3.0, 42.3.1, 42.3.2, 42.3.3, 42.3.4, 42.3.5, 42.3.6, 42.3.7, 42.3.8, 42.3.9, 42.3.10, 42.4.0, 42.4.1, 42.4.2, 42.4.3, 42.4.4, 42.4.5, 42.5.0, 42.5.1, 42.5.2, 42.5.3, 42.5.4, 42.5.5, 42.5.6, 42.6.0, 42.6.1, 42.6.2, 42.7.0, 42.7.1, 42.7.2, 42.7.3, 42.7.4