ID CVE-2020-13692
Summary PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.0-801:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.0-801:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-901:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-901:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-902:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-902:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1000:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1000:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1001:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1001:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1002:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1002:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1003:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1003:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1004:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1004:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1100:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1100:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1101:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1101:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1102:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1102:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1103:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1103:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1200:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1200:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1201:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1201:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1202:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1202:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1203:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1203:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1204:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1204:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1205:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1205:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1206:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1206:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1207:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1207:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1208:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1208:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1209:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1209:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1210:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1210:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1211:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1211:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1212:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1212:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.26.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:0.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release2:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:cr1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.0.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:cr2:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.0.0:cr2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.1.0:candidate_release1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.1.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.1.0:cr1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.1.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.2.0:candidate_release1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.2.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.2.0:cr1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.2.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release2:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:cr1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:cr2:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.0:cr2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.4.0:-:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.4.0:candidate_release1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.4.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.4.0:cr1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.4.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.5.0:-:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.5.0:candidate_release1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.5.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.5.0:cr1:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.5.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:quarkus:quarkus:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 15-03-2021 - 17:14)
Impact:
Exploitability:
CWE CWE-611
CAPEC
  • XML External Entities Blowup
    This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1852985
    title CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment postgresql-jdbc is earlier than 0:42.2.3-3.el8_2
            oval oval:com.redhat.rhsa:tst:20203176001
          • comment postgresql-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203176002
        • AND
          • comment postgresql-jdbc-javadoc is earlier than 0:42.2.3-3.el8_2
            oval oval:com.redhat.rhsa:tst:20203176003
          • comment postgresql-jdbc-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203176004
    rhsa
    id RHSA-2020:3176
    released 2020-07-28
    severity Important
    title RHSA-2020:3176: postgresql-jdbc security update (Important)
  • bugzilla
    id 1852985
    title CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment postgresql-jdbc is earlier than 0:8.4.704-4.el6_10
        oval oval:com.redhat.rhsa:tst:20203284001
      • comment postgresql-jdbc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20203176002
    rhsa
    id RHSA-2020:3284
    released 2020-08-03
    severity Important
    title RHSA-2020:3284: postgresql-jdbc security update (Important)
  • bugzilla
    id 1852985
    title CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment postgresql-jdbc is earlier than 0:9.2.1002-8.el7_8
            oval oval:com.redhat.rhsa:tst:20203285001
          • comment postgresql-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203176002
        • AND
          • comment postgresql-jdbc-javadoc is earlier than 0:9.2.1002-8.el7_8
            oval oval:com.redhat.rhsa:tst:20203285003
          • comment postgresql-jdbc-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203176004
    rhsa
    id RHSA-2020:3285
    released 2020-08-03
    severity Important
    title RHSA-2020:3285: postgresql-jdbc security update (Important)
rpms
  • postgresql-jdbc-0:42.2.3-3.el8_2
  • postgresql-jdbc-javadoc-0:42.2.3-3.el8_2
  • postgresql-jdbc-0:42.2.3-3.el8_0
  • postgresql-jdbc-javadoc-0:42.2.3-3.el8_0
  • postgresql-jdbc-0:8.4.704-4.el6_10
  • postgresql-jdbc-0:9.2.1002-8.el7_8
  • postgresql-jdbc-javadoc-0:9.2.1002-8.el7_8
  • postgresql-jdbc-0:42.2.3-3.el8_1
  • postgresql-jdbc-javadoc-0:42.2.3-3.el8_1
refmap via4
confirm
fedora FEDORA-2020-5a31ccfe66
mlist
  • [camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692
  • [camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692
  • [camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692
  • [camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692
  • [camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692
  • [camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)
  • [camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)
  • [netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14
  • [netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14
Last major update 15-03-2021 - 17:14
Published 04-06-2020 - 16:15
Last modified 15-03-2021 - 17:14
Back to Top