CVE-2020-13692 - PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

CVE-2020-13692

Summary

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

References

Vulnerable Configurations

cpe:2.3:a:postgresql:postgresql_jdbc_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:8.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:8.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.0-801:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.0-801:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-901:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-901:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-902:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-902:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1000:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1000:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1001:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1001:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1002:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1002:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1003:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1003:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1004:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1004:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1100:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1100:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1101:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1101:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1102:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1102:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1103:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1103:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1200:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1200:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1201:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1201:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1202:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1202:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1203:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1203:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1204:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1204:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1205:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1205:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1206:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1206:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1207:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1207:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1208:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1208:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1209:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1209:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1210:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1210:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1211:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1211:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1212:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1212:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.0.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.0.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.12:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.13.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.13.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.13.3:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.13.3:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.16.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.16.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.19.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.19.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.19.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.19.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.21.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.21.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.21.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.21.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.21.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.21.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.22.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.22.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.23.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.23.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.23.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.23.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.24.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.24.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.25.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.25.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.26.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.26.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.26.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.26.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.27.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.27.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.28.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.28.0:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.28.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:0.28.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:cr2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.0:cr2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.1.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.1.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.1.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.1.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.1.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.1.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.2.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.2.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.2.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.2.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.2.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.2.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:cr2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.0:cr2:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.0:candidate_release1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.0:cr1:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-12-2022 - 15:02)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1852985
title	CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND

comment postgresql-jdbc is earlier than 0:42.2.3-3.el8_2
oval oval:com.redhat.rhsa:tst:20203176001
comment postgresql-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20203176002

AND

comment postgresql-jdbc-javadoc is earlier than 0:42.2.3-3.el8_2
oval oval:com.redhat.rhsa:tst:20203176003
comment postgresql-jdbc-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20203176004

rhsa

id	RHSA-2020:3176
released	2020-07-28
severity	Important
title	RHSA-2020:3176: postgresql-jdbc security update (Important)

bugzilla

id	1852985
title	CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003
comment postgresql-jdbc is earlier than 0:8.4.704-4.el6_10
oval oval:com.redhat.rhsa:tst:20203284001
comment postgresql-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20203176002

rhsa

id	RHSA-2020:3284
released	2020-08-03
severity	Important
title	RHSA-2020:3284: postgresql-jdbc security update (Important)

bugzilla

id	1852985
title	CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment postgresql-jdbc is earlier than 0:9.2.1002-8.el7_8
oval oval:com.redhat.rhsa:tst:20203285001
comment postgresql-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20203176002

AND

comment postgresql-jdbc-javadoc is earlier than 0:9.2.1002-8.el7_8
oval oval:com.redhat.rhsa:tst:20203285003
comment postgresql-jdbc-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20203176004

rhsa

id	RHSA-2020:3285
released	2020-08-03
severity	Important
title	RHSA-2020:3285: postgresql-jdbc security update (Important)

rpms

postgresql-jdbc-0:42.2.3-3.el8_2
postgresql-jdbc-javadoc-0:42.2.3-3.el8_2
postgresql-jdbc-0:42.2.3-3.el8_0
postgresql-jdbc-javadoc-0:42.2.3-3.el8_0
postgresql-jdbc-0:8.4.704-4.el6_10
postgresql-jdbc-0:9.2.1002-8.el7_8
postgresql-jdbc-javadoc-0:9.2.1002-8.el7_8
postgresql-jdbc-0:42.2.3-3.el8_1
postgresql-jdbc-javadoc-0:42.2.3-3.el8_1

refmap via4

confirm	https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65 https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13 https://security.netapp.com/advisory/ntap-20200619-0005/
fedora	FEDORA-2020-5a31ccfe66
mlist	[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692 [camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692 [camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692 [camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692 [camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692 [camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038) [camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037) [netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14 [netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14

Last major update

13-12-2022 - 15:02

Published

04-06-2020 - 16:15

Last modified

13-12-2022 - 15:02