
Upgrade PostgreSQL JDBC Driver to at least 42.3.9 to fix 1 critical and 2 moderate CVE #129

Closed
@jasperbogers

Description

The following CVEs are found in io.zonky.test/embedded-postgres/2.0.6:

(Critical)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1597
GHSA-24rp-q3w6-vc56

(Moderate)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31197
GHSA-r38f-c4h4-hqq2

(Moderate)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41946
GHSA-562r-vg33-8x8h

Cause
These vulnerabilities are due to a dependency in pom.xml on org.postgresql:postgresql version 42.3.5.

How to fix?
Upgrade org.postgresql:postgresql to version 42.3.9 (highest at the time of writing).
