VulnerableCode Package Details - pkg:apk/alpine/java-postgresql-jdbc@42.7.9-r0?arch=ppc64le&distroversion=edge&reponame=community

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apk/alpine/java-postgresql-jdbc@42.7.9-r0?arch=ppc64le&distroversion=edge&reponame=community

purl	pkg:apk/alpine/java-postgresql-jdbc@42.7.9-r0?arch=ppc64le&distroversion=edge&reponame=community

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-su7j-n4f9-y3a2	pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration ### Impact When the PostgreSQL JDBC driver is configured with channel binding set to `required` (default value is `prefer`), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. ### Patches TBD ### Workarounds Configure `sslMode=verify-full` to prevent MITM attacks. ### References * https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256 * https://datatracker.ietf.org/doc/html/rfc7677 * https://datatracker.ietf.org/doc/html/rfc5802	CVE-2025-49146 GHSA-hq9p-pm7w-8p54

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T19:04:44.596114+00:00	Alpine Linux Importer	Fixing	VCID-su7j-n4f9-y3a2	https://secdb.alpinelinux.org/edge/community.json	38.0.0