Vulnerability Details CVE-2020-13692
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.065
EPSS Ranking 90.7%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 6.8
References
- https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
- https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13
- https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E
- https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E
- https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/
- https://security.netapp.com/advisory/ntap-20200619-0005/
- https://www.debian.org/security/2022/dsa-5196
- https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
- https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13
- https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E
- https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E
- https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/
- https://security.netapp.com/advisory/ntap-20200619-0005/
- https://www.debian.org/security/2022/dsa-5196
Products affected by CVE-2020-13692
-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:-
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.0.0
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.0
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.1
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.2
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.3
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.4
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.0
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.1
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.10
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.11
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.12
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.2
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.3
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.4
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.5
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.6
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.7
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.8
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.9
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:8.1
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.0-801
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-901
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-902
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1000
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1001
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1002
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1003
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1004
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1100
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1101
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1102
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1103
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1200
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1201
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1202
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1203
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1204
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1205
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1206
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1207
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1208
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1209
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1210
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1211
-
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1212
-
cpe:2.3:a:quarkus:quarkus:0.0.1
-
cpe:2.3:a:quarkus:quarkus:0.1.0
-
cpe:2.3:a:quarkus:quarkus:0.10.0
-
cpe:2.3:a:quarkus:quarkus:0.11.0
-
cpe:2.3:a:quarkus:quarkus:0.12.0
-
cpe:2.3:a:quarkus:quarkus:0.13.0
-
cpe:2.3:a:quarkus:quarkus:0.13.1
-
cpe:2.3:a:quarkus:quarkus:0.13.2
-
cpe:2.3:a:quarkus:quarkus:0.13.3
-
cpe:2.3:a:quarkus:quarkus:0.14.0
-
cpe:2.3:a:quarkus:quarkus:0.15.0
-
cpe:2.3:a:quarkus:quarkus:0.16.0
-
cpe:2.3:a:quarkus:quarkus:0.16.1
-
cpe:2.3:a:quarkus:quarkus:0.17.0
-
cpe:2.3:a:quarkus:quarkus:0.18.0
-
cpe:2.3:a:quarkus:quarkus:0.19.0
-
cpe:2.3:a:quarkus:quarkus:0.19.1
-
cpe:2.3:a:quarkus:quarkus:0.2.0
-
cpe:2.3:a:quarkus:quarkus:0.20.0
-
cpe:2.3:a:quarkus:quarkus:0.21.0
-
cpe:2.3:a:quarkus:quarkus:0.21.1
-
cpe:2.3:a:quarkus:quarkus:0.21.2
-
cpe:2.3:a:quarkus:quarkus:0.22.0
-
cpe:2.3:a:quarkus:quarkus:0.23.0
-
cpe:2.3:a:quarkus:quarkus:0.23.1
-
cpe:2.3:a:quarkus:quarkus:0.23.2
-
cpe:2.3:a:quarkus:quarkus:0.24.0
-
cpe:2.3:a:quarkus:quarkus:0.25.0
-
cpe:2.3:a:quarkus:quarkus:0.26.0
-
cpe:2.3:a:quarkus:quarkus:0.26.1
-
cpe:2.3:a:quarkus:quarkus:0.27.0
-
cpe:2.3:a:quarkus:quarkus:0.28.0
-
cpe:2.3:a:quarkus:quarkus:0.28.1
-
cpe:2.3:a:quarkus:quarkus:0.3.0
-
cpe:2.3:a:quarkus:quarkus:0.4.0
-
cpe:2.3:a:quarkus:quarkus:0.5.0
-
cpe:2.3:a:quarkus:quarkus:0.6.0
-
cpe:2.3:a:quarkus:quarkus:0.7.0
-
cpe:2.3:a:quarkus:quarkus:0.8.0
-
cpe:2.3:a:quarkus:quarkus:0.9.0
-
cpe:2.3:a:quarkus:quarkus:0.9.1
-
cpe:2.3:a:quarkus:quarkus:1.0.0
-
cpe:2.3:a:quarkus:quarkus:1.0.1
-
cpe:2.3:a:quarkus:quarkus:1.1.0
-
cpe:2.3:a:quarkus:quarkus:1.1.1
-
cpe:2.3:a:quarkus:quarkus:1.2.0
-
cpe:2.3:a:quarkus:quarkus:1.2.1
-
cpe:2.3:a:quarkus:quarkus:1.3.0
-
cpe:2.3:a:quarkus:quarkus:1.3.1
-
cpe:2.3:a:quarkus:quarkus:1.3.2
-
cpe:2.3:a:quarkus:quarkus:1.3.3
-
cpe:2.3:a:quarkus:quarkus:1.3.4
-
cpe:2.3:a:quarkus:quarkus:1.4.0
-
cpe:2.3:a:quarkus:quarkus:1.4.1
-
cpe:2.3:a:quarkus:quarkus:1.4.2
-
cpe:2.3:a:quarkus:quarkus:1.5.0
-
cpe:2.3:a:quarkus:quarkus:1.5.1
-
cpe:2.3:a:quarkus:quarkus:1.5.2
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:32