漏洞标题
PostgresNIO 从中间拦截器中处理未加密的字节
漏洞描述信息
PostgresNIO处理中间人攻击中未加密的字节
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
漏洞类别
N/A
漏洞标题
PostgresNIO processes unencrypted bytes from man-in-the-middle
漏洞描述信息
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞类别
不充分的凭证保护机制
漏洞标题
PostgresNIO 安全漏洞
漏洞描述信息
PostgresNIO是一个PostgreSQL的Swift客户端。 PostgresNIO 1.14.2 之前版本存在安全漏洞。攻击者利用该漏洞执行中间人攻击。
CVSS信息
N/A
漏洞类别
其他