Vulnerability Details : CVE-2020-13692
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
Vulnerability category: XML external entity (XXE) injection
Exploit prediction scoring system (EPSS) score for CVE-2020-13692
Probability of exploitation activity in the next 30 days: 1.51%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-13692
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
7.7
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H |
2.2
|
5.5
|
NIST |
CWE ids for CVE-2020-13692
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13692
-
https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E
[GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692 - Pony MailMailing List;Third Party Advisory
-
https://www.debian.org/security/2022/dsa-5196
Debian -- Security Information -- DSA-5196-1 libpgjavaThird Party Advisory
-
https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E
Pony Mail!Mailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E
[GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692 - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E
[GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692 - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E
[GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692 - Pony MailMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/
[SECURITY] Fedora 32 Update: postgresql-jdbc-42.2.12-2.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E
[GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14 - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E
[GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14 - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E
[camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038) - Pony MailMailing List;Third Party Advisory
-
https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
Merge pull request from GHSA-37xm-4h3m-5w3v · pgjdbc/pgjdbc@14b62ac · GitHubPatch;Third Party Advisory
-
https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13
PostgreSQL JDBC ChangelogRelease Notes;Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20200619-0005/
CVE-2020-13692 PostgreSQL Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E
[camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037) - Pony MailMailing List;Third Party Advisory
Products affected by CVE-2020-13692
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
- cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*