From 2e2e8ce853a4ed44ec3b8b8bf047d7ac36bacb20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A9=E7=9D=BF?= Date: Mon, 24 Apr 2023 15:15:22 +0000 Subject: [PATCH] update monitor-tools/pom.xml to prevent Arbitrary Code Injection Arbitrary Code Injection In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韩睿 --- monitor-tools/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monitor-tools/pom.xml b/monitor-tools/pom.xml index 06686c8..ebb673c 100644 --- a/monitor-tools/pom.xml +++ b/monitor-tools/pom.xml @@ -62,7 +62,7 @@ org.postgresql postgresql - 42.2.26 + 42.3.3 org.springframework -- Gitee
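Review bot: The new version on the org.postgresql:postgresql dependency in monitor-tools/pom.xml (42.2.26 to 42.3.3) is hard-coded in this one pom and is exactly the lowest release the commit message names as unaffected. If other modules in the build declare the same driver, move the version into a shared property or a dependencyManagement entry so they cannot drift back to an older release. The commit message also records the vendor's position that the exposure comes from applications passing untrusted connection properties, so the bump alone does not settle it. Please confirm whether monitor-tools ever builds its JDBC URL or Properties from user-supplied input. If it does, restrict that input to an allow-list of keys that excludes loggerFile and loggerLevel, independent of the driver version. Since this moves from the 42.2.x line to 42.3.x, the change description should state that the module's database tests were run against the new driver. A smaller point: the subject says "Arbitrary Code Injection" while the body describes an arbitrary file write through logging properties, and aligning the two would make the history easier to search.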