Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4Y2MtZzgzNS03NnJw
Improper Restriction of XML External Entity Reference
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
Permalink: https://github.com/advisories/GHSA-88cc-g835-76rpJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4Y2MtZzgzNS03NnJw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 7.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Identifiers: GHSA-88cc-g835-76rp, CVE-2020-13692
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-13692
- https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
- https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13
- https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E
- https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E
- https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E
- https://lists.fedoraproject.org/archives/list/[email protected]/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/
- https://security.netapp.com/advisory/ntap-20200619-0005/
- https://www.debian.org/security/2022/dsa-5196
- https://github.com/advisories/GHSA-88cc-g835-76rp
Affected Packages
maven:org.postgresql:postgresql
Dependent packages: 3,652Dependent repositories: 176,054
Downloads:
Affected Version Ranges: < 42.2.13
Fixed in: 42.2.13
All affected versions: 9.4.1207, 9.4.1208, 9.4.1209, 9.4.1210, 9.4.1211, 9.4.1212, 42.0.0, 42.1.0, 42.1.1, 42.1.2, 42.1.3, 42.1.4, 42.2.0, 42.2.1, 42.2.2, 42.2.3, 42.2.4, 42.2.5, 42.2.6, 42.2.7, 42.2.8, 42.2.9, 42.2.10, 42.2.11, 42.2.12
All unaffected versions: 42.2.13, 42.2.14, 42.2.15, 42.2.16, 42.2.17, 42.2.18, 42.2.19, 42.2.20, 42.2.21, 42.2.22, 42.2.23, 42.2.24, 42.2.25, 42.2.26, 42.2.27, 42.2.28, 42.2.29, 42.3.0, 42.3.1, 42.3.2, 42.3.3, 42.3.4, 42.3.5, 42.3.6, 42.3.7, 42.3.8, 42.3.9, 42.3.10, 42.4.0, 42.4.1, 42.4.2, 42.4.3, 42.4.4, 42.4.5, 42.5.0, 42.5.1, 42.5.2, 42.5.3, 42.5.4, 42.5.5, 42.5.6, 42.6.0, 42.6.1, 42.6.2, 42.7.0, 42.7.1, 42.7.2