PostgreSQL JDBC Version CVE-2022-41946

OpenWIS / openwis

http://openwis.github.io/openwis

GNU General Public License v3.0

11 stars 15 forks source link

PostgreSQL JDBC Version CVE-2022-41946 #422

Open mgiannoni opened 1 year ago

mgiannoni commented 1 year ago

The database access library that contains an information disclosure vulnerability The affected versions of PostgreSQL JDBC Driver are:

42.2.x prior to 42.2.27
42.3.x prior to 42.3.8
42.4.x prior to 42.4.3
42.5.x prior to 42.5.1.

SQL queries using prepared statements that total more than 51 kilobytes will be written to the system temporary directory where they can be read by any local user of the system. MavenJDBCversions

zhangz555 commented 1 year ago

There are no vulnerability check on branch 3.16 anymore. It may be a good idea to tag the current master branch and then replace it with branch 3.16.