Unknown · PostgresNIO · CVE-2023-31136
**Name of the Vulnerable Software and Affected Versions**
PostgresNIO versions prior to 1.14.2
**Description**
The issue affects users of PostgresNIO who connect to servers with TLS enabled, allowing a man-in-the-middle attacker to inject false responses to the client's first few queries despite the use of TLS certificate verification and encryption.
**Recommendations**
For PostgresNIO versions prior to 1.14.2, update to version 1.14.2 or later to resolve the issue.
As a temporary workaround, consider disabling TLS connections until a patch is available.
Restrict access to sensitive data to minimize the risk of exploitation.
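
To confirm that a project already resolves to the fixed release named above, the following added example (not part of the original advisory or of PostgresNIO) checks a SwiftPM `Package.resolved` lockfile against 1.14.2. The package identity `postgres-nio`, the repository URL and the sample lockfiles are assumptions constructed for illustration.

```python
import json
import re
import sys

FIXED = (1, 14, 2)            # first fixed release named in the advisory
IDENTITY = "postgres-nio"     # assumed SwiftPM identity of PostgresNIO

# Constructed sample lockfiles (not from a real project): v1 and v2 layouts.
V1_SAMPLE = '''{"object": {"pins": [{"package": "postgres-nio",
  "repositoryURL": "https://github.com/vapor/postgres-nio.git",
  "state": {"branch": null, "revision": "0000000", "version": "1.13.0"}}]},
  "version": 1}'''
V2_SAMPLE = '''{"pins": [{"identity": "postgres-nio", "kind": "remoteSourceControl",
  "location": "https://github.com/vapor/postgres-nio.git",
  "state": {"revision": "0000000", "version": "1.14.2"}}], "version": 2}'''

def _pins(resolved):
    # Format v2 and later keep pins at the top level; v1 nests them under "object".
    return resolved.get("pins") or resolved.get("object", {}).get("pins", [])

def _identity(pin):
    # v2+ records "identity"; v1 only has the repository URL, so derive it.
    if "identity" in pin:
        return pin["identity"].lower()
    url = pin.get("repositoryURL", "").rstrip("/")
    return re.sub(r"\.git$", "", url.rsplit("/", 1)[-1]).lower()

def check(resolved_text):
    """Return 'absent', 'fixed', 'vulnerable' or 'unpinned' for a Package.resolved body."""
    for pin in _pins(json.loads(resolved_text)):
        if _identity(pin) != IDENTITY:
            continue
        version = (pin.get("state") or {}).get("version")
        m = re.match(r"(\d+)\.(\d+)\.(\d+)(-[^+]+)?", version or "")
        if not m:
            return "unpinned"   # branch/revision pin: review the commit by hand
        core = tuple(int(x) for x in m.group(1, 2, 3))
        if core == FIXED and m.group(4):
            return "vulnerable"  # a pre-release of 1.14.2 sorts before 1.14.2
        return "fixed" if core >= FIXED else "vulnerable"
    return "absent"

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "Package.resolved"
    with open(path, encoding="utf-8") as fh:
        result = check(fh.read())
    print(f"{IDENTITY}: {result}")
    sys.exit(1 if result in ("vulnerable", "unpinned") else 0)
```

The non-zero exit status on `vulnerable` or `unpinned` lets the check gate a CI job.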