PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users.
References
Configurations
History
21 Nov 2024, 08:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/advisories/GHSA-467w-rrqc-395f - Not Applicable | |
References | () https://github.com/advisories/GHSA-735f-7qx4-jqq5 - Not Applicable | |
References | () https://github.com/apple/swift-nio/pull/2419 - Patch | |
References | () https://github.com/vapor/postgres-nio/commit/2df54bc94607f44584ae6ffa74e3cd754fffafc7 - Patch | |
References | () https://github.com/vapor/postgres-nio/releases/tag/1.14.2 - Release Notes | |
References | () https://github.com/vapor/postgres-nio/security/advisories/GHSA-9cfh-vx93-84vv - Vendor Advisory | |
References | () https://www.postgresql.org/support/security/CVE-2021-23214/ - Not Applicable | |
References | () https://www.postgresql.org/support/security/CVE-2021-23222/ - Not Applicable | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.7 |
16 May 2023, 16:43
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/advisories/GHSA-735f-7qx4-jqq5 - Not Applicable | |
References | (MISC) https://github.com/vapor/postgres-nio/releases/tag/1.14.2 - Release Notes | |
References | (MISC) https://github.com/advisories/GHSA-467w-rrqc-395f - Not Applicable | |
References | (MISC) https://github.com/apple/swift-nio/pull/2419 - Patch | |
References | (MISC) https://www.postgresql.org/support/security/CVE-2021-23214/ - Not Applicable | |
References | (MISC) https://www.postgresql.org/support/security/CVE-2021-23222/ - Not Applicable | |
References | (MISC) https://github.com/vapor/postgres-nio/commit/2df54bc94607f44584ae6ffa74e3cd754fffafc7 - Patch | |
References | (MISC) https://github.com/vapor/postgres-nio/security/advisories/GHSA-9cfh-vx93-84vv - Vendor Advisory | |
CPE | cpe:2.3:a:vapor:postgresnio:*:*:*:*:*:postgresql:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
09 May 2023, 14:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-09 14:15
Updated : 2024-11-21 08:01
NVD link : CVE-2023-31136
Mitre link : CVE-2023-31136
CVE.ORG link : CVE-2023-31136
JSON object : View
Products Affected
vapor
- postgresnio
CWE
CWE-522
Insufficiently Protected Credentials