You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: /server/plugins/ansible/db/pom.xml
Path to vulnerable library: /server/plugins/ansible/db/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/db/pom.xml,/server/impl/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/db/pom.xml,/server/plugins/noderoster/impl/pom.xml
Path to dependency file: /server/plugins/ansible/db/pom.xml
Path to vulnerable library: /server/plugins/ansible/db/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/db/pom.xml,/server/impl/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/db/pom.xml,/server/plugins/noderoster/impl/pom.xml
Vulnerable Library - postgresql-42.2.9.jar
Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database
Library home page: https://github.com/pgjdbc/pgjdbc
Path to dependency file: /server/plugins/ansible/db/pom.xml
Path to vulnerable library: /server/plugins/ansible/db/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/db/pom.xml,/server/impl/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/db/pom.xml,/server/plugins/noderoster/impl/pom.xml
Found in HEAD commit: cfb756aae811651de93ac8a69c7191e48bb4960f
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-13692
Vulnerable Library - postgresql-42.2.9.jar
Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database
Library home page: https://github.com/pgjdbc/pgjdbc
Path to dependency file: /server/plugins/ansible/db/pom.xml
Path to vulnerable library: /server/plugins/ansible/db/pom.xml,/server/plugins/ansible/impl/pom.xml,/server/db/pom.xml,/server/impl/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/db/pom.xml,/server/plugins/noderoster/impl/pom.xml
Dependency Hierarchy:
Found in HEAD commit: cfb756aae811651de93ac8a69c7191e48bb4960f
Found in base branch: master
Vulnerability Details
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
Publish Date: 2020-06-04
URL: CVE-2020-13692
CVSS 3 Score Details (7.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13
Release Date: 2020-06-04
Fix Resolution: 42.2.12.jre6
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules
The text was updated successfully, but these errors were encountered: