> On 08/11/2022 11:50 CET Cedric Aaron Towstyka <cedric-aaron.towstyka@barmenia.de> wrote:
>
> the german bureau for IT-Security "BSI" (Bundesamt für Sicherheit in der
> Informationstechnik) has issued a warning for CVE CVE-2022-42889with the name
> commons-text. Insurance companies are obliged to analyse the installed
> software for vulnerabilities of this type. As the Barmenia is using your
> product PostgreSQL Server it is necessary to obtain all information regarding
> any vulnerability against above CVE. We kindly ask you to provide information
> if the above product is affected by the CVE and if yes, when a fix will be
> available.
Postgres does not use Java and should not be affected. Maybe if you use
PL/Java[1].
This CVE reminds me of Log4j from last year[2].
[1] https://tada.github.io/pljava/
[2] https://www.postgresql.org/message-id/flat/30390f0b07fd4d90b1aacb683ebfae45%40pictet.com
--
Erik
