Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.postgresql/postgresql@42.3.0
Typemaven
Namespaceorg.postgresql
Namepostgresql
Version42.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version42.2.8
Latest_non_vulnerable_version42.7.2
Affected_by_vulnerabilities
0
url VCID-h4a8-mryz-fqfg
vulnerability_id VCID-h4a8-mryz-fqfg
summary 
Remote code execution vulnerability using plugin features
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver does not verify if the class implements the expected interface before instantiating the class. This can lead to remote code execution loaded via arbitrary classes.
references
0
reference_url https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813
reference_id
reference_type
scores
url https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813
1
reference_url https://github.com/advisories/GHSA-v7wg-cpwc-24m4
reference_id GHSA-v7wg-cpwc-24m4
reference_type
scores
url https://github.com/advisories/GHSA-v7wg-cpwc-24m4
2
reference_url https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
reference_id GHSA-v7wg-cpwc-24m4
reference_type
scores
url https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
fixed_packages
0
url pkg:maven/org.postgresql/postgresql@42.3.2
purl pkg:maven/org.postgresql/postgresql@42.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.3.2
aliases CVE-2022-21724, GHSA-v7wg-cpwc-24m4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4a8-mryz-fqfg
1
url VCID-nw8j-ybjy-hqbg
vulnerability_id VCID-nw8j-ybjy-hqbg
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://github.com/pgjdbc/pgjdbc
reference_id
reference_type
scores
url https://github.com/pgjdbc/pgjdbc
1
reference_url https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee
reference_id
reference_type
scores
url https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee
2
reference_url https://github.com/pgjdbc/pgjdbc/commit/93b0fcb2711d9c1e3a2a03134369738a02a58b40
reference_id
reference_type
scores
url https://github.com/pgjdbc/pgjdbc/commit/93b0fcb2711d9c1e3a2a03134369738a02a58b40
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1597
reference_id CVE-2024-1597
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-1597
4
reference_url https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
reference_id GHSA-24rp-q3w6-vc56
reference_type
scores
url https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
5
reference_url https://github.com/advisories/GHSA-xfg6-62px-cxc2
reference_id GHSA-xfg6-62px-cxc2
reference_type
scores
url https://github.com/advisories/GHSA-xfg6-62px-cxc2
fixed_packages
0
url pkg:maven/org.postgresql/postgresql@42.3.9
purl pkg:maven/org.postgresql/postgresql@42.3.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.3.9
1
url pkg:maven/org.postgresql/postgresql@42.4.4
purl pkg:maven/org.postgresql/postgresql@42.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.4.4
2
url pkg:maven/org.postgresql/postgresql@42.5.5
purl pkg:maven/org.postgresql/postgresql@42.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.5.5
3
url pkg:maven/org.postgresql/postgresql@42.6.1
purl pkg:maven/org.postgresql/postgresql@42.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.6.1
4
url pkg:maven/org.postgresql/postgresql@42.7.2
purl pkg:maven/org.postgresql/postgresql@42.7.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.7.2
aliases CVE-2024-1597, GHSA-xfg6-62px-cxc2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nw8j-ybjy-hqbg
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.3.0