Avecramer

**Name of the Vulnerable Software and Affected Versions** PostgreSQL JDBC Driver versions prior to 42.2.26 PostgreSQL JDBC Driver versions prior to 42.4.1 **Description** The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names, allowing a malicious column name that contains a statement terminator, e.g. `;`, to lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name whose column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. **Recommendations** For versions prior to 42.2.26, upgrade to version 42.2.26 or later. For versions prior to 42.4.1, upgrade to version 42.4.1 or later. As a temporary workaround, consider not using the `ResultSet.refreshRow()` method. If the `ResultSet.refreshRow()` method is used, ensure that the code that executes that method does not connect to a database that is controlled by an unauthenticated or malicious user.

**Name of the Vulnerable Software and Affected Versions** pgjdbc versions prior to the fixed version **Description** A security issue was found in the pgjdbc driver for PostgreSQL databases. The driver instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, it does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes. This can be exploited when an attacker controls the JDBC URL or properties. **Recommendations** For pgjdbc, upgrade to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the vulnerable connection properties `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` until a patch is available. Avoid using plugins that may instantiate arbitrary classes via these properties until the issue is resolved.