Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.postgresql/postgresql@9.4.1208.jre6

Type maven

Namespace org.postgresql

Name postgresql

Version 9.4.1208.jre6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 42.3.8

Latest_non_vulnerable_version 42.7.7

Affected_by_vulnerabilities

url VCID-7p16-8nb5-kucz

vulnerability_id VCID-7p16-8nb5-kucz

summary

Remote code execution vulnerability using plugin features
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver does not verify if the class implements the expected interface before instantiating the class. This can lead to remote code execution loaded via arbitrary classes.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21724.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21724.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21724

reference_id

reference_type

scores

value	0.04807
scoring_system	epss
scoring_elements	0.89525
published_at	2026-04-26T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89521
published_at	2026-04-24T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89507
published_at	2026-04-21T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89509
published_at	2026-04-18T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89508
published_at	2026-04-16T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.8946
published_at	2026-04-02T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89494
published_at	2026-04-13T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89499
published_at	2026-04-12T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89501
published_at	2026-04-11T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89492
published_at	2026-04-09T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89488
published_at	2026-04-08T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89473
published_at	2026-04-07T12:55:00Z

value	0.04807
scoring_system	epss
scoring_elements	0.89472
published_at	2026-04-04T12:55:00Z

value	0.05407
scoring_system	epss
scoring_elements	0.90166
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21724

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pgjdbc/pgjdbc

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pgjdbc/pgjdbc

reference_url

https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/

url

https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21724

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21724

reference_url

https://security.netapp.com/advisory/ntap-20220311-0005

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220311-0005

reference_url

https://security.netapp.com/advisory/ntap-20220311-0005/

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/

url

https://security.netapp.com/advisory/ntap-20220311-0005/

reference_url

https://www.debian.org/security/2022/dsa-5196

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/

url

https://www.debian.org/security/2022/dsa-5196

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2050863
reference_id	2050863
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2050863

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/

reference_id

BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/

reference_url

https://github.com/advisories/GHSA-v7wg-cpwc-24m4

reference_id

GHSA-v7wg-cpwc-24m4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v7wg-cpwc-24m4

reference_url

https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4

reference_id

GHSA-v7wg-cpwc-24m4

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/

url

https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4

reference_url	https://access.redhat.com/errata/RHSA-2022:4623
reference_id	RHSA-2022:4623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4623

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2022:6835
reference_id	RHSA-2022:6835
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6835

fixed_packages

url pkg:maven/org.postgresql/postgresql@42.2.25

purl pkg:maven/org.postgresql/postgresql@42.2.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hpc5-vtmd-gub5

vulnerability	VCID-qub7-qp14-uqcg

vulnerability	VCID-uzj4-puvz-zfgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.2.25

url pkg:maven/org.postgresql/postgresql@42.3.2

purl pkg:maven/org.postgresql/postgresql@42.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hpc5-vtmd-gub5

vulnerability	VCID-qub7-qp14-uqcg

vulnerability	VCID-uzj4-puvz-zfgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.3.2

aliases CVE-2022-21724, GHSA-v7wg-cpwc-24m4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7p16-8nb5-kucz

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@9.4.1208.jre6

Package Instance