CVE-2020-13692
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13692
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13692.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-13692
Aliases
BIT-postgresql-jdbc-driver-2020-13692
GHSA-88cc-g835-76rp
Related
ALSA-2020:3176
CGA-5338-j523-69px
RHSA-2020:3176
RHSA-2020:3283
RHSA-2020:3284
RHSA-2020:3285
RHSA-2020:3286
RLSA-2020:3176
SUSE-SU-2020:3466-1
SUSE-SU-2020:3781-1
SUSE-SU-2021:0599-1
UBUNTU-CVE-2020-13692
USN-5238-1
Published
2020-06-04T16:15:12Z
Modified
2024-10-12T05:55:13.768170Z
Severity
7.7 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Summary
[none]
Details
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
References
https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13
https://security.netapp.com/advisory/ntap-20200619-0005/
https://www.debian.org/security/2022/dsa-5196
https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E
https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E
https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/
https://security-tracker.debian.org/tracker/CVE-2020-13692
Affected packages
Debian:11 / libpgjava
Package
  Name: libpgjava
  Purl: pkg:deb/debian/libpgjava?arch=source
Affected ranges
  Type: ECOSYSTEM
  Events
    Introduced: 0 (Unknown introduced version / All previous versions are affected)
    Fixed: 42.2.12-2
Ecosystem specific
  { "urgency": "low" }
Debian:12 / libpgjava
Package
  Name: libpgjava
  Purl: pkg:deb/debian/libpgjava?arch=source
Affected ranges
  Type: ECOSYSTEM
  Events
    Introduced: 0 (Unknown introduced version / All previous versions are affected)
    Fixed: 42.2.12-2
Ecosystem specific
  { "urgency": "low" }
Debian:13 / libpgjava
Package
  Name: libpgjava
  Purl: pkg:deb/debian/libpgjava?arch=source
Affected ranges
  Type: ECOSYSTEM
  Events
    Introduced: 0 (Unknown introduced version / All previous versions are affected)
    Fixed: 42.2.12-2
Ecosystem specific
  { "urgency": "low" }
Git / github.com/pgjdbc/pgjdbc
Affected ranges
  Type: GIT
  Repo: https://github.com/pgjdbc/pgjdbc
  Events
    Introduced: 0 (Unknown introduced commit / All previous commits are affected)
    Fixed: 14b62aca4764d496813f55a43d050b017e01eb65
Affected versions
REL42.*
REL42.0.0
REL42.1.0
REL42.1.1
REL42.1.2
REL42.1.3
REL42.1.4
REL42.2.0
REL42.2.1
REL42.2.10
REL42.2.11
REL42.2.12
REL42.2.2
REL42.2.3
REL42.2.4
REL42.2.5
REL42.2.6
REL42.2.7
REL42.2.8
REL42.2.9
Other
REL6_5
REL7_0
REL7_1
REL7_1_BETA
REL7_1_BETA2
REL7_1_BETA3
REL7_2
REL7_2_3
REL7_2_4
REL7_2_BETA1
REL7_2_BETA2
REL7_2_BETA3
REL7_2_BETA4
REL7_2_BETA5
REL7_2_RC1
REL7_2_RC2
REL7_4_BETA1
REL7_4_BETA2
REL7_4_BETA3
REL7_4_BETA4
REL7_4_BETA5
REL7_4_RC1
REL7_4_RC2
REL8_0_309
REL8_1_404
REL8_2_504
REL8_3_603
REL8_4_701
REL9_0_801
REL9_3_1100
REL9_4_1201
REL9_4_1202
REL9_4_1203
REL9_4_1204
REL9_4_1205
REL9_4_1206
release-6-3
REL9.*
REL9.4.1207
REL9.4.1208
REL9.4.1209
REL9.4.1210
REL9.4.1211
REL9.4.1212