Product
pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication, where a malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count, leading to CPU exhaustion.