GHSA-xgxp-9x8p-gcw4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xgxp-9x8p-gcw4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-xgxp-9x8p-gcw4/GHSA-xgxp-9x8p-gcw4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xgxp-9x8p-gcw4
- Withdrawn
- 2023-03-14T07:01:09.288107Z
- Published
- 2022-02-15T01:57:18Z
- Modified
- 2023-03-14T07:01:09.288107Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- SQL Injection
- Details
-
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- Database specific
{ "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-89" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-25695
- https://bugzilla.redhat.com/show_bug.cgi?id=1894425
- https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html
- https://security.gentoo.org/glsa/202012-07
- https://security.netapp.com/advisory/ntap-20201202-0003/
- https://www.postgresql.org/support/security/
Affected packages
Maven / org.postgresql:postgresql
Package
- Name
- org.postgresql:postgresql
- View open source insights on deps.dev
- Purl
- pkg:maven/org.postgresql/postgresql
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed13.1
Affected versions
9.*
9.2-1002-jdbc4
9.2-1003-jdbc3
9.2-1003-jdbc4
9.2-1004-jdbc3
9.2-1004-jdbc4
9.2-1004-jdbc41
9.3-1100-jdbc3
9.3-1100-jdbc4
9.3-1100-jdbc41
9.3-1101-jdbc3
9.3-1101-jdbc4
9.3-1101-jdbc41
9.3-1102-jdbc3
9.3-1102-jdbc4
9.3-1102-jdbc41
9.3-1103-jdbc3
9.3-1103-jdbc4
9.3-1103-jdbc41
9.3-1104-jdbc4
9.3-1104-jdbc41
9.4-1200-jdbc4
9.4-1200-jdbc41
9.4-1201-jdbc4
9.4-1201-jdbc41
9.4-1202-jdbc4
9.4-1202-jdbc41
9.4-1202-jdbc42
9.4-1203-jdbc4
9.4-1203-jdbc41
9.4-1203-jdbc42
9.4-1204-jdbc4
9.4-1204-jdbc41
9.4-1204-jdbc42
9.4-1205-jdbc4
9.4-1205-jdbc41
9.4-1205-jdbc42
9.4-1206-jdbc4
9.4-1206-jdbc41
9.4-1206-jdbc42
9.4.1207
9.4.1207.jre6
9.4.1207.jre7
9.4.1208
9.4.1208.jre6
9.4.1208.jre7
9.4.1209
9.4.1209.jre6
9.4.1209.jre7
9.4.1210
9.4.1210.jre6
9.4.1210.jre7
9.4.1211
9.4.1211.jre6
9.4.1211.jre7
9.4.1212
9.4.1212.jre6
9.4.1212.jre7