Vulnerability in PostgreSQL
CVE-2012-1618
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified…
EPSS: 0.019 (83.6th percentile)
Affected products
- Postgresql — versions 9.1
- Postgresql Postgresql_jdbc_driver — versions 8.1
References
- [oss-security] 20120330 postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 (mailing-list, x_refsource_MLIST)
- [oss-security] 20120402 Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_MISC)
- [oss-security] 20120404 Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters (mailing-list, x_refsource_MLIST)
- 80641 (x_refsource_OSVDB, vdb-entry)
- [opensuse-security] 20120325 SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver (mailing-list, x_refsource_MLIST)
- [oss-security] 20120404 Re: Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters (mailing-list, x_refsource_MLIST)
- [oss-security] 20120404 Re: Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 (mailing-list, x_refsource_MLIST)
- [oss-security] 20120330 CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters (mailing-list, x_refsource_MLIST)