GHSA-h86w-m5rm-xr33

Source
https://github.com/advisories/GHSA-h86w-m5rm-xr33
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h86w-m5rm-xr33/GHSA-h86w-m5rm-xr33.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-h86w-m5rm-xr33
Aliases
  • CVE-2012-1618
Published
2022-05-17T05:20:42Z
Modified
2023-11-08T03:57:04.274364Z
Summary
Unescaped parameters in the PostgreSQL JDBC driver
Details

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.

Database specific
{
    "nvd_published_at": "2012-10-06T22:55:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-14T00:32:49Z"
}
Affected packages

Maven / org.postgresql:postgresql

Package

Name
org.postgresql:postgresql
Purl
pkg:maven/org.postgresql/postgresql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8.2