GHSA-568q-9fw5-28wf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-568q-9fw5-28wf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-568q-9fw5-28wf/GHSA-568q-9fw5-28wf.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-568q-9fw5-28wf
- Aliases
- Published
- 2018-10-19T16:53:33Z
- Modified
- 2024-12-02T05:49:37.159941Z
- Summary
- Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
- Details
-
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
- Database specific
{ "github_reviewed": true, "severity": "MODERATE", "nvd_published_at": null, "cwe_ids": [ "CWE-297" ], "github_reviewed_at": "2020-06-16T21:00:08Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-10936
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936
- https://github.com/advisories/GHSA-568q-9fw5-28wf
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
- https://www.postgresql.org/about/news/1883
- http://www.securityfocus.com/bid/105220
Affected packages
Maven / org.postgresql:pgjdbc-aggregate
Package
- Name
- org.postgresql:pgjdbc-aggregate
- View open source insights on deps.dev
- Purl
- pkg:maven/org.postgresql/pgjdbc-aggregate