Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oODZ3LW01cm0teHIzM84AAfdY

Unescaped parameters in the PostgreSQL JDBC driver

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.

Permalink: https://github.com/advisories/GHSA-h86w-m5rm-xr33
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oODZ3LW01cm0teHIzM84AAfdY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago

Identifiers: GHSA-h86w-m5rm-xr33, CVE-2012-1618
References:

Blast Radius: 0.0

Affected Packages

maven:org.postgresql:postgresql

Dependent packages: 3,652
Dependent repositories: 176,054
Downloads:
Affected Version Ranges: < 8.2
Fixed in: 8.2
All affected versions:
All unaffected versions: 9.4.1207, 9.4.1208, 9.4.1209, 9.4.1210, 9.4.1211, 9.4.1212, 42.0.0, 42.1.0, 42.1.1, 42.1.2, 42.1.3, 42.1.4, 42.2.0, 42.2.1, 42.2.2, 42.2.3, 42.2.4, 42.2.5, 42.2.6, 42.2.7, 42.2.8, 42.2.9, 42.2.10, 42.2.11, 42.2.12, 42.2.13, 42.2.14, 42.2.15, 42.2.16, 42.2.17, 42.2.18, 42.2.19, 42.2.20, 42.2.21, 42.2.22, 42.2.23, 42.2.24, 42.2.25, 42.2.26, 42.2.27, 42.2.28, 42.2.29, 42.3.0, 42.3.1, 42.3.2, 42.3.3, 42.3.4, 42.3.5, 42.3.6, 42.3.7, 42.3.8, 42.3.9, 42.3.10, 42.4.0, 42.4.1, 42.4.2, 42.4.3, 42.4.4, 42.4.5, 42.5.0, 42.5.1, 42.5.2, 42.5.3, 42.5.4, 42.5.5, 42.5.6, 42.6.0, 42.6.1, 42.6.2, 42.7.0, 42.7.1, 42.7.2, 42.7.3