search

arohablue / BlockDockServer

A system to securely share files on the blockchain with IPFS.
1 stars 0 forks source link

CVE-2020-13692 (High) detected in postgresql-9.4.1211.jre7.jar - autoclosed #107

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2020-13692 - High Severity Vulnerability

Vulnerable Library - postgresql-9.4.1211.jre7.jar

Java JDBC 4.1 (JRE 7+) driver for PostgreSQL database

Library home page: https://github.com/pgjdbc/pgjdbc-parent-poms

Path to dependency file: /BlockDockServer/build.gradle

Path to vulnerable library: /radle/caches/modules-2/files-2.1/org.postgresql/postgresql/9.4.1211.jre7/56b01e9e667f408818a6ef06a89598dbab80687d/postgresql-9.4.1211.jre7.jar

Dependency Hierarchy: - :x: **postgresql-9.4.1211.jre7.jar** (Vulnerable Library)

Vulnerability Details

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Publish Date: 2020-06-04

URL: CVE-2020-13692

CVSS 3 Score Details (7.7)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: Low - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13

Release Date: 2020-06-04

Fix Resolution: org.postgresql:postgresql:42.2.13

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.