CVE-2020-13692

nvd nist

Published: Jun 4, 2020Modified: Nov 21, 2024

7.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

Exploitability: 2.2 / Impact: 5.5

Source: NVD

Description

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Affected (6)

Products: Postgresql: Postgresql Jdbc Driver · Quarkus: Quarkus · Netapp: Steelstore Cloud Integrated Storage · +2 more

Show all products

Postgresql: Postgresql Jdbc Driver · Quarkus: Quarkus · Netapp: Steelstore Cloud Integrated Storage · Fedoraproject: Fedora · Debian: Debian Linux

Postgresql

1 product

Postgresql Jdbc Driver

Quarkus

1 product

Quarkus

Netapp

1 product

Steelstore Cloud Integrated Storage

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql Jdbc Driver	Before 42.2.13

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Quarkus Quarkus	Up to 1.5.2

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Steelstore Cloud Integrated Storage	All versions

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (28)

https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65

Source: cve@mitre.org

PatchThird Party Advisory

https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13

Source: cve@mitre.org

Release NotesVendor Advisory

https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20200619-0005/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2022/dsa-5196

Source: cve@mitre.org

Third Party Advisory

https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65