Details
Suggestion
Resolution: Done
Description
Upgrade PostgreSQL JDBC driver to 42.5.0 for CVE-2022-21724 (fixed in 42.3.2+)
For details see: https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md
Bitbucket would not be directly vulnerable to this, as it requires the attacker to control the JDBC URL, something that is restricted to users with SYS_ADMIN permission. However, this driver version has shown up on a customer's vulnerability scan, so it would be good to update it.