Closed jasperbogers closed 6 months ago
The following CVE are found in io.zonky.test/embedded-postgres/2.0.6
(Critical) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1597 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
(Moderate) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31197 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
(Moderate) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41946 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h
Cause These vulnerabilities are due to a dependency in pom.xml on org.postgresql:postgresql version 42.3.5
How to fix? Upgrade org.postgresql:postgresql to version 42.3.9 (highest at the time of writing).
Thank you for the report.
tomix26
commented
6 months ago tomix26
commented
6 months ago
The following CVE are found in io.zonky.test/embedded-postgres/2.0.6
(Critical) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1597 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
(Moderate) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31197 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
(Moderate) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41946 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h
Cause These vulnerabilities are due to a dependency in pom.xml on org.postgresql:postgresql version 42.3.5
How to fix? Upgrade org.postgresql:postgresql to version 42.3.9 (highest at the time of writing).