PT-2020-6672 · PostgreSQL · PostgreSQL JDBC Driver

Published: 2020-06-01 · Updated: 2024-03-06 · CVE-2020-13692

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:P/A:C

Name of the Vulnerable Software and Affected Versions: PostgreSQL JDBC Driver (aka PgJDBC) versions prior to 42.2.13

Description: The driver incorrectly restricts XML external entities, which allows a remote attacker to conduct XML external entity (XXE) attacks.

Recommendations: For versions prior to 42.2.13, update to version 42.2.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of external entities in XML parsing until the update can be applied.

Fix

XXE

Weakness Enumeration

Related Identifiers

ALSA-2020:3176
ALT-PU-2023-8463
BDU:2022-03872
BIT-POSTGRESQL-JDBC-DRIVER-2020-13692
CESA-2020_3176
CESA-2020_3284
CESA-2020_3285
CVE-2020-13692
DSA-5196-1
GHSA-88CC-G835-76RP
MGASA-2020-0319
RHSA-2020:3176
RHSA-2020:3283
RHSA-2020:3284
RHSA-2020:3285
RHSA-2020:3286
RHSA-2020_3176
RHSA-2020_3284
RHSA-2020_3285
RLSA-2020:3176
SUSE-SU-2020:3466-1
SUSE-SU-2020:3781-1
SUSE-SU-2021:0599-1
SUSE-SU-2021_0599-1
USN-5238-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PostgreSQL JDBC Driver
Red Hat
Rocky Linux
SUSE
Ubuntu