org.postgresql:postgresql@42.2.29 vulnerabilities
-
latest version
42.7.4
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
3 months ago
-
licenses detected
- [9.2-1002-jdbc4,9.4-1200-jdbc4); [9.4.1212,9.4.1212.jre6); [42.0.0,42.0.0.jre6); [42.1.0,42.1.0.jre7); [42.1.1,42.1.1.jre6); [42.1.2,42.1.2.jre6); [42.1.3,42.1.3.jre6); [42.1.4,42.1.4.jre6); [42.2.0,42.2.0.jre6); [42.2.1,42.2.1.jre6); [42.2.2,42.2.2.jre6); [42.2.3,42.2.3.jre6); [42.2.4,42.2.4.jre6); [42.2.5,42.2.5.jre6); [42.2.6,42.2.6.jre6); [42.2.7,42.2.7.jre6); [42.2.8,42.2.8.jre6); [42.2.9,42.2.9.jre6); [42.2.10,42.2.10.jre6); [42.2.11,42.2.11.jre6); [42.2.12,42.2.12.jre6); [42.2.13,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.postgresql:postgresql package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.postgresql:postgresql is a Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database. Affected versions of this package are vulnerable to Arbitrary Code Injection. DISPUTED When an arbitrary filename is specified in the Note: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. How to fix Arbitrary Code Injection? Upgrade |
[42.1.0,42.3.3)
|