CVE-2020-13692

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13692
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13692.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13692
Aliases
Downstream
Related
Published
2020-06-04T16:15:12Z
Modified
2025-10-21T05:31:53.935652Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Summary
[none]
Details

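PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE (XML External Entity) attacks. The "Fixed" event in the affected range below carries no commit on this page, so the 42.2.13 version bound given here is the only fix boundary this record states.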

References

Affected packages

Git / github.com/pgjdbc/pgjdbc

Affected ranges

Type
GIT
Repo
https://github.com/pgjdbc/pgjdbc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

REL42.*

REL42.0.0
REL42.1.0
REL42.1.1
REL42.1.2
REL42.1.3
REL42.1.4
REL42.2.0
REL42.2.1
REL42.2.10
REL42.2.11
REL42.2.12
REL42.2.2
REL42.2.3
REL42.2.4
REL42.2.5
REL42.2.6
REL42.2.7
REL42.2.8
REL42.2.9

Other

REL6_5
REL7_0
REL7_1
REL7_1_BETA
REL7_1_BETA2
REL7_1_BETA3
REL7_2
REL7_2_3
REL7_2_4
REL7_2_BETA1
REL7_2_BETA2
REL7_2_BETA3
REL7_2_BETA4
REL7_2_BETA5
REL7_2_RC1
REL7_2_RC2
REL7_4_BETA1
REL7_4_BETA2
REL7_4_BETA3
REL7_4_BETA4
REL7_4_BETA5
REL7_4_RC1
REL7_4_RC2
REL8_0_309
REL8_1_404
REL8_2_504
REL8_3_603
REL8_4_701
REL9_0_801
REL9_3_1100
REL9_4_1201
REL9_4_1202
REL9_4_1203
REL9_4_1204
REL9_4_1205
REL9_4_1206
release-6-3

REL9.*

REL9.4.1207
REL9.4.1208
REL9.4.1209
REL9.4.1210
REL9.4.1211
REL9.4.1212

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "function": "getSource",
            "file": "pgjdbc/src/main/java/org/postgresql/jdbc/PgSQLXML.java"
        },
        "digest": {
            "function_hash": "91168466433595010594273310158271129403",
            "length": 1074.0
        },
        "signature_type": "Function",
        "id": "CVE-2020-13692-233b9c39"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "file": "pgjdbc/src/main/java/org/postgresql/ds/common/BaseDataSource.java"
        },
        "digest": {
            "line_hashes": [
                "101067329146451035494201693243315212849",
                "134495762650234808616434975398782091788",
                "210025805666943601052623158012313352571"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-13692-271c9c41"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "file": "pgjdbc/src/test/java/org/postgresql/jdbc/PgSQLXMLTest.java"
        },
        "digest": {
            "line_hashes": [
                "55026984487705996164376980564437213964",
                "18396130103450323134615457881168146072",
                "76912946818976542979924434334643835460",
                "4737508437523521632253474876624928686",
                "112411628875257068992445410591793534277",
                "103680617069060373444046327278475204501",
                "132136309881451248738137230168972365577",
                "253832198385396442529900146169834616491",
                "167290465159612428860793482761313628376",
                "181366779180090089046023809113703411565",
                "167482236805802335744954788966808679378",
                "246849576797343731984123541116992330300",
                "40165111795526528616280228665737267937",
                "227555293508953992212123866373570736071",
                "112000980830527187881853976368221934075",
                "208256878476417320408997437026414182030",
                "166727056821475751021492422294192361421",
                "295144564236976642785991062425401967001",
                "255204552228631070338205984857544868286",
                "286056627723692922661756802689927082571",
                "248841348269639933951174565334151718370",
                "234693563279806094295810941979267100358",
                "130976482248571160568040455994878627235",
                "149579158592392802502322080222537423214",
                "41329957247523189620440677413041153167",
                "59764102473897195281281745079119228400",
                "204938487768850394025712804981662577508",
                "296939309492774231274554258259833461364"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-13692-2836cc6c"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "function": "PgConnection",
            "file": "pgjdbc/src/main/java/org/postgresql/jdbc/PgConnection.java"
        },
        "digest": {
            "function_hash": "259686142848252625344008896594340056620",
            "length": 3662.0
        },
        "signature_type": "Function",
        "id": "CVE-2020-13692-2ac5ae09"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "file": "pgjdbc/src/main/java/org/postgresql/jdbc/PgConnection.java"
        },
        "digest": {
            "line_hashes": [
                "33766022656305527744152914897716236031",
                "68213327411822197888519717011720676238",
                "143831789490606968846293588755295576241",
                "187840283112393369374382308356834548810",
                "258282385795245385542260620890735878809",
                "4406675877999921526359655433873745380",
                "124286739154319815877043934518229159683",
                "295524728167112078687039016687764860764",
                "241661187268506588995131505348866236155",
                "212744209351015577405523973373005824998",
                "255168820741380243171211204157664515040",
                "302543845847024765942748246783528307098"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-13692-66abb5ee"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "file": "pgjdbc/src/main/java/org/postgresql/jdbc/PgSQLXML.java"
        },
        "digest": {
            "line_hashes": [
                "120069051308780947526472469096811116826",
                "156892502506634343853690771629971496624",
                "263036727747078395035351009942841937036",
                "146382539975388209330800418121325380184",
                "267013386454474198748567148297893493760",
                "145915646063025370210827861229881781894",
                "121629400955697391357775438883193002618",
                "116619991482627259624080571542781217339",
                "222409835281595780172288590992133610565",
                "210040191417610574246233931248298200962",
                "186747102438580956869236649217055149624",
                "20974205446112082112865319280224567537",
                "284611652566347483794426129769990436205",
                "305730587603187461544614829662464492749",
                "158682434204050818805845815022566206095",
                "79191899621593532533436249530586203406",
                "125370834313326116208340851629226823794",
                "30186212636602150848587448288643157818",
                "211860526166943230835017916133172963147",
                "126983864628114207902170039322504203427",
                "225047841610741006865687417325113099913",
                "115780570543925241498317653264782563682",
                "252678402519044559665368703656526820571",
                "247794609571197718326198693170229080769",
                "102559480401027562637532257408357370152",
                "53041415668811756809709603735340584131",
                "130860410183019239319661903978028876672",
                "59494964315121551943563918799579033401",
                "29112422483406493485408813087424766873",
                "106804365306651492313548930973575582079",
                "231211144925596345955252270086717397037",
                "162709845835617272498288066625036701605",
                "268580359404182809761239006023686448925",
                "11941742108942646926261833673618733771",
                "15517332172226296305233004174051765295",
                "272395953641219851766987335898742164837",
                "72629384957077003987382712121016953668",
                "153476938366973071083602687920877725991",
                "229553297026579130981143681686238639030",
                "326800010238263560518410715674052953275",
                "102151909713399897542330520066767292450",
                "222310346547111351721370640129600828370",
                "183840835685855063310498009802858574965",
                "40535310066691273004751834503488548682",
                "86635797155230003881195741516382043660",
                "147566084724658537843690506463539792567",
                "333440179749061811051433544726221540592",
                "234572353945321258333557419581270505971",
                "229438575656661693619413795735924577646",
                "55163664288824895940547971718240376312",
                "82004524271637906748371907513831268053"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-13692-79959b5a"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "file": "pgjdbc/src/main/java/org/postgresql/core/BaseConnection.java"
        },
        "digest": {
            "line_hashes": [
                "214235269788698345246242156671520595328",
                "177935312425458215286246517861074993446",
                "273380012420314821780336821462621493540",
                "276739420936070932896591407790284965842",
                "332524045378267214155457823990469606007",
                "313552066178323306745775322183499976818"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-13692-8ec1100a"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "function": "setResult",
            "file": "pgjdbc/src/main/java/org/postgresql/jdbc/PgSQLXML.java"
        },
        "digest": {
            "function_hash": "318525118381693929322023161484656214399",
            "length": 1302.0
        },
        "signature_type": "Function",
        "id": "CVE-2020-13692-b64090ea"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "file": "pgjdbc/src/main/java/org/postgresql/PGProperty.java"
        },
        "digest": {
            "line_hashes": [
                "221439530714648196366222214917449062033",
                "309597444005107234273311345803202753046",
                "238707077553605134237435261442906760103"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-13692-f10df6ab"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
        "target": {
            "function": "ensureInitialized",
            "file": "pgjdbc/src/main/java/org/postgresql/jdbc/PgSQLXML.java"
        },
        "digest": {
            "function_hash": "111582918661843072749233034427746509323",
            "length": 1224.0
        },
        "signature_type": "Function",
        "id": "CVE-2020-13692-fd2f5b9f"
    }
]