PostgreSQL

Multiple vulnerabilities in PostgreSQL could be exploited by an attacker to execute arbitrary code, conduct a denial of service attack, disclose information, manipulate files, conduct a SQL injection attack, and bypass security measures.

A JSON-path traversal injection vulnerability exists in Kysely versions prior to 0.28.16, allowing attackers to traverse JSON sub-fields outside the intended scope, potentially leading to unauthorized read and write access to sensitive data in MySQL, PostgreSQL, and SQLite databases due to insufficient sanitization of JSON-path metacharacters in the `JSONPathBuilder.key()` and `.at()` functions.

pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication, where a malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count, leading to CPU exhaustion.