CVE-2023-31136

Name of the Vulnerable Software and Affected Versions PostgresNIO versions prior to 1.14.2

Description The issue affects users of PostgresNIO who connect to servers with TLS enabled, allowing a man-in-the-middle attacker to inject false responses to the client's first few queries despite the use of TLS certificate verification and encryption.

Recommendations For PostgresNIO versions prior to 1.14.2, update to version 1.14.2 or later to resolve the issue. As a temporary workaround, consider disabling TLS connections until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation.