Security release CVE-2022-31197 - Mailing list pgsql-jdbc

From: Dave Cramer
Subject: Security release CVE-2022-31197
Msg-id: CADK3HH+zHr3NDN-GgyHTc38nbKPJ620pA9kR_nt0gq2JrCw8cw@mail.gmail.com
Responses: Re: Security release CVE-2022-31197
List: pgsql-jdbc
Greetings,

We have released 42.2.26 and 42.4.1 to address a security issue.

Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include a statement terminator to be parsed and executed as multiple separate commands.

Thanks to Sho Kato (https://github.com/kato-sho) for finding and reporting the issue.

Regards,

pgjdbc team
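The defect described in the announcement, as an added illustration that is not pgjdbc's own code: column names copied as-is into a generated UPDATE beside the same statement built with quoted identifiers (the class name GeneratedSql, the helper quoteIdentifier and the column name are constructed for this example; pgjdbc itself provides org.postgresql.core.Utils.escapeIdentifier for this purpose).

```java
import java.util.List;
import java.util.StringJoiner;

// Added example, not pgjdbc's own code. It contrasts copying column names into
// generated SQL as-is with quoting them as identifiers. GeneratedSql and
// quoteIdentifier are hypothetical names.
public class GeneratedSql {

    // Quote an identifier the PostgreSQL way: wrap it in double quotes and
    // double any embedded double quote. Inside a quoted identifier a ';' is
    // just a character of the name, so the statement cannot be split.
    static String quoteIdentifier(String ident) {
        if (ident.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("identifier contains a NUL byte");
        }
        return "\"" + ident.replace("\"", "\"\"") + "\"";
    }

    // Vulnerable shape: key and data column names enter the statement as-is,
    // so a name that contains a statement terminator ends the UPDATE early and
    // everything after it is parsed as a second command.
    static String buildUpdateUnquoted(String table, List<String> dataCols, List<String> keyCols) {
        StringJoiner set = new StringJoiner(", ");
        for (String c : dataCols) set.add(c + " = ?");
        StringJoiner where = new StringJoiner(" AND ");
        for (String c : keyCols) where.add(c + " = ?");
        return "UPDATE " + table + " SET " + set + " WHERE " + where;
    }

    // Fixed shape: every identifier is quoted before it enters the statement,
    // so the whole column name stays inside one identifier token.
    static String buildUpdateQuoted(String table, List<String> dataCols, List<String> keyCols) {
        StringJoiner set = new StringJoiner(", ");
        for (String c : dataCols) set.add(quoteIdentifier(c) + " = ?");
        StringJoiner where = new StringJoiner(" AND ");
        for (String c : keyCols) where.add(quoteIdentifier(c) + " = ?");
        return "UPDATE " + quoteIdentifier(table) + " SET " + set + " WHERE " + where;
    }

    public static void main(String[] args) {
        // Constructed column name containing a statement terminator.
        List<String> data = List.of("val; SELECT 1");
        List<String> keys = List.of("id");
        System.out.println(buildUpdateUnquoted("t", data, keys));
        System.out.println(buildUpdateQuoted("t", data, keys));
    }
}
```

Running it prints the unquoted statement, in which the text after the semicolon is a separate command, followed by the quoted one, in which the full column name is a single identifier.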
