This security issue is specific to the PGJDBC implementation of the ResultSet.refresh() method.
If you are not using that method in your application code then you will not be impacted.
User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the application into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the refreshRow() method on the ResultSet.
