{"url":"http://public2.vulnerablecode.io/api/packages/552913?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.2.16.jre7","type":"maven","namespace":"org.postgresql","name":"postgresql","version":"42.2.16.jre7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"42.7.11","latest_non_vulnerable_version":"42.7.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76728?format=json","vulnerability_id":"VCID-2fq1-3xt8-hkc4","summary":"pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41946.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41946.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41946","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2404","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24067","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24164","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24146","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24092","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24035","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41946"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41946"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgjdbc/pgjdbc","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00017.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41946","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41946"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240329-0003","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240329-0003"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2153399","reference_id":"2153399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2153399"},{"reference_url":"https://github.com/advisories/GHSA-562r-vg33-8x8h","reference_id":"GHSA-562r-vg33-8x8h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-562r-vg33-8x8h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0758","reference_id":"RHSA-2023:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0888","reference_id":"RHSA-2023:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1177","reference_id":"RHSA-2023:1177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1630","reference_id":"RHSA-2023:1630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1815","reference_id":"RHSA-2023:1815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2378","reference_id":"RHSA-2023:2378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2867","reference_id":"RHSA-2023:2867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148466?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.2.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5jcp-q4ub-k3b8"},{"vulnerability":"VCID-9ad2-zqpd-n7dk"},{"vulnerability":"VCID-y6bd-xgvn-jub9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.2.27"},{"url":"http://public2.vulnerablecode.io/api/packages/148467?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nw8j-ybjy-hqbg"},{"vulnerability":"VCID-y6bd-xgvn-jub9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/148468?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nw8j-ybjy-hqbg"},{"vulnerability":"VCID-y6bd-xgvn-jub9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148469?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nw8j-ybjy-hqbg"},{"vulnerability":"VCID-y6bd-xgvn-jub9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.5.1"}],"aliases":["CVE-2022-41946","GHSA-562r-vg33-8x8h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fq1-3xt8-hkc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42428?format=json","vulnerability_id":"VCID-5jcp-q4ub-k3b8","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThe connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows unauthenticated attackers that level of control. It's not the job of the pgjdbc driver to decide whether a given log file location is acceptable. End user applications that use the pgjdbc driver must ensure that filenames are valid and restrict unauthenticated attackers from being able to supply arbitrary values. That's not specific to the pgjdbc driver either, it would be true for any library that can write to the application's local file system. While we do not consider this a security issue with the driver, we have decided to remove the `loggerFile` and `loggerLevel` connection properties in the next release of the driver. Removal of those properties does not make exposing the JDBC URL or connection properties to an attacker safe and we continue to suggest that applications do not allow untrusted users to specify arbitrary connection properties. We are removing them to prevent misuse and their functionality can be delegated to `java.util.logging`.","references":[{"reference_url":"https://github.com/pgjdbc/pgjdbc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064"},{"reference_url":"https://github.com/advisories/GHSA-673j-qm5f-xpv8","reference_id":"GHSA-673j-qm5f-xpv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-673j-qm5f-xpv8"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8","reference_id":"GHSA-673j-qm5f-xpv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60691?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fq1-3xt8-hkc4"},{"vulnerability":"VCID-nw8j-ybjy-hqbg"},{"vulnerability":"VCID-y6bd-xgvn-jub9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.3.3"}],"aliases":["GHSA-673j-qm5f-xpv8","GMS-2022-75"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jcp-q4ub-k3b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42630?format=json","vulnerability_id":"VCID-9ad2-zqpd-n7dk","summary":"Path traversal in org.postgresql:postgresql\n** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26520.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26520","reference_id":"","reference_type":"","scores":[{"value":"0.00994","scoring_system":"epss","scoring_elements":"0.77318","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00994","scoring_system":"epss","scoring_elements":"0.77297","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79927","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79922","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79897","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgjdbc/pgjdbc","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc"},{"reference_url":"https://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3"},{"reference_url":"https://jdbc.postgresql.org/documentation/head/tomcat.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jdbc.postgresql.org/documentation/head/tomcat.html"},{"reference_url":"https://www.debian.org/security/2022/dsa-5196","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064007","reference_id":"2064007","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064007"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26520","reference_id":"CVE-2022-26520","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26520"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8","reference_id":"GHSA-673j-qm5f-xpv8","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8"},{"reference_url":"https://github.com/advisories/GHSA-727h-hrw8-jg8q","reference_id":"GHSA-727h-hrw8-jg8q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-727h-hrw8-jg8q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60691?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fq1-3xt8-hkc4"},{"vulnerability":"VCID-nw8j-ybjy-hqbg"},{"vulnerability":"VCID-y6bd-xgvn-jub9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.3.3"}],"aliases":["CVE-2022-26520","GHSA-727h-hrw8-jg8q"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ad2-zqpd-n7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42243?format=json","vulnerability_id":"VCID-h4a8-mryz-fqfg","summary":"Remote code execution vulnerability using plugin features\npgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver does not verify if the class implements the expected interface before instantiating the class. This can lead to remote code execution loaded via arbitrary classes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21724.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21724.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21724","reference_id":"","reference_type":"","scores":[{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.87149","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.87137","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04056","scoring_system":"epss","scoring_elements":"0.88727","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04056","scoring_system":"epss","scoring_elements":"0.88745","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04056","scoring_system":"epss","scoring_elements":"0.88744","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgjdbc/pgjdbc","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/"}],"url":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21724","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21724"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220311-0005","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220311-0005"},{"reference_url":"https://www.debian.org/security/2022/dsa-5196","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/"}],"url":"https://www.debian.org/security/2022/dsa-5196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050863","reference_id":"2050863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050863"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/","reference_id":"BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"},{"reference_url":"https://github.com/advisories/GHSA-v7wg-cpwc-24m4","reference_id":"GHSA-v7wg-cpwc-24m4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7wg-cpwc-24m4"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4","reference_id":"GHSA-v7wg-cpwc-24m4","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/"}],"url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220311-0005/","reference_id":"ntap-20220311-0005","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-25T15:45:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220311-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4623","reference_id":"RHSA-2022:4623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60369?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fq1-3xt8-hkc4"},{"vulnerability":"VCID-5jcp-q4ub-k3b8"},{"vulnerability":"VCID-9ad2-zqpd-n7dk"},{"vulnerability":"VCID-y6bd-xgvn-jub9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.2.25"},{"url":"http://public2.vulnerablecode.io/api/packages/60370?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fq1-3xt8-hkc4"},{"vulnerability":"VCID-5jcp-q4ub-k3b8"},{"vulnerability":"VCID-9ad2-zqpd-n7dk"},{"vulnerability":"VCID-nw8j-ybjy-hqbg"},{"vulnerability":"VCID-y6bd-xgvn-jub9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.3.2"}],"aliases":["CVE-2022-21724","GHSA-v7wg-cpwc-24m4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4a8-mryz-fqfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61662?format=json","vulnerability_id":"VCID-y6bd-xgvn-jub9","summary":"jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42198.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42198.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42198","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13416","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13506","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13512","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13472","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13386","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42198"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pgjdbc/pgjdbc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pgjdbc/pgjdbc"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/releases/tag/REL42.7.11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T18:00:34Z/"}],"url":"https://github.com/pgjdbc/pgjdbc/releases/tag/REL42.7.11"},{"reference_url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-98qh-xjc8-98pq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T18:00:34Z/"}],"url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-98qh-xjc8-98pq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42198","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42198"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463857","reference_id":"2463857","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463857"},{"reference_url":"https://github.com/advisories/GHSA-98qh-xjc8-98pq","reference_id":"GHSA-98qh-xjc8-98pq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98qh-xjc8-98pq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19098","reference_id":"RHSA-2026:19098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22304","reference_id":"RHSA-2026:22304","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22304"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24348","reference_id":"RHSA-2026:24348","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24348"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119735?format=json","purl":"pkg:maven/org.postgresql/postgresql@42.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.7.11"}],"aliases":["CVE-2026-42198","GHSA-98qh-xjc8-98pq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6bd-xgvn-jub9"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.2.16.jre7"}