{"id":"CVE-2022-21724","summary":"Unchecked Class Instantiation when providing Plugin Classes","details":"pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database during security research. A system using the PostgreSQL library can be attacked when an attacker controls the JDBC URL or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify that the class implements the expected interface before instantiating it. This can lead to code execution via arbitrarily loaded classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.","aliases":["BIT-postgresql-jdbc-driver-2022-21724","GHSA-v7wg-cpwc-24m4"],"modified":"2026-04-11T18:44:56.841192Z","published":"2022-02-02T11:48:52Z","related":["CGA-3wf9-2hvx-r3mp","SUSE-SU-2022:2143-1","SUSE-SU-2022:2145-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21724.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21724.json"},{"type":"ADVISORY","url":"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21724"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220311-0005/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5196"},{"type":"FIX","url":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lt
s-announce/2022/05/msg00027.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pgjdbc/pgjdbc","events":[{"introduced":"0"},{"fixed":"6f64a38627c12f8b515c8862682572cd1aff0ff8"},{"introduced":"6d93eb817f334b383d2c8716a50d8c1255e24236"},{"fixed":"728c04ee8d26dcc4bca51503c2e93ad87ef8ce87"},{"introduced":"0"},{"last_affected":"cfc4b1106b8f4931dee8241671c3880f5f947727"},{"fixed":"f4d0ed69c0b3aae8531d83d6af4c57f22312c813"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"42.2.25"},{"introduced":"42.3.0"},{"fixed":"42.3.2"},{"introduced":"0"},{"last_affected":"42.3.2-rc1"}]}},{"type":"GIT","repo":"https://github.com/quarkusio/quarkus","events":[{"introduced":"0"},{"fixed":"c7555123aaef705d6e35693da4c0daa3db2e9cd7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.7.2"}]}}],"versions":["REL42.0.0","REL42.1.0","REL42.1.1","REL42.1.2","REL42.1.3","REL42.1.4","REL42.2.0","REL42.2.1","REL42.2.10","REL42.2.11","REL42.2.12","REL42.2.13","REL42.2.14","REL42.2.14-rc1","REL42.2.15","REL42.2.15-rc1","REL42.2.15-rc2","REL42.2.16","REL42.2.16-rc2","REL42.2.17","REL42.2.17-rc1","REL42.2.18","REL42.2.18-rc1","REL42.2.19","REL42.2.19-rc1","REL42.2.19-rc2","REL42.2.2","REL42.2.20","REL42.2.20-rc1","REL42.2.20-rc2","REL42.2.21","REL42.2.21-rc1","REL42.2.21-rc2","REL42.2.22","REL42.2.22-rc1","REL42.2.23","REL42.2.23-rc1","REL42.2.23-rc3","REL42.2.23-rc4","REL42.2.23-rc5","REL42.2.23-rc6","REL42.2.24","REL42.2.24-rc1","REL42.2.24-rc2","REL42.2.3","REL42.2.4","REL42.2.5","REL42.2.6","REL42.2.7","REL42.2.8","REL42.2.9","REL42.3.0","REL42.3.0-rc1","REL42.3.0-rc2","REL42.3.1","REL42.3.1-rc1","REL42.3.1-rc2","REL42.3.2-rc1","REL6_5","REL7_0","REL7_1","REL7_1_BETA","REL7_1_BETA2","REL7_1_BETA3","REL7_2","REL7_2_3","REL7_2_4","REL7_2_BETA1","REL7_2_BETA2","REL7_2_BETA3","REL7_2_BETA4","REL7_2_BETA5","REL7_2_RC1","REL7_2_RC2","REL7_4_BETA1","REL7_4_BETA2","REL7_4_BETA3","REL7_4_BETA4","REL7_4_BETA5","REL7_4_RC1","REL7_4_RC2","REL8_0_309","REL8_1_404",
"REL8_2_504","REL8_3_603","REL8_4_701","REL9.4.1207","REL9.4.1208","REL9.4.1209","REL9.4.1210","REL9.4.1211","REL9.4.1212","REL9_0_801","REL9_3_1100","REL9_4_1201","REL9_4_1203","REL9_4_1204","REL9_4_1205","REL9_4_1206","release-6-3"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-0c4f6d47","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"length":591,"function_hash":"290450761587819362508458380227539618688"},"signature_type":"Function","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/SocketFactoryFactory.java","function":"getSslSocketFactory"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-0cfe4bfa","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"length":624,"function_hash":"222706268560466953199390223600137580475"},"signature_type":"Function","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/AuthenticationPluginManager.java","function":"withEncodedPassword"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-0d19d568","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"threshold":0.9,"line_hashes":["247153307125202517966389191868910347817","337273867374036537597999649309406185088","123722001280471412400572553548855150185","272287884890611757148340223552553729464"]},"signature_type":"Line","target":{"file":"pgjdbc/src/main/java/org/postgresql/ssl/LibPQFactory.java"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-21aa29c8","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"length":474,"function_hash":"82569256018608371493948748462819166520"},"signature_type":"Function","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/SocketFactoryFactory.java","function":"getSocketFactory"}},{"signature_version":"v1","deprecated":
false,"id":"CVE-2022-21724-2666e790","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"length":798,"function_hash":"247785280379720695647968187283442858902"},"signature_type":"Function","target":{"file":"pgjdbc/src/main/java/org/postgresql/ssl/MakeSSL.java","function":"verifyPeerName"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-371aa2e3","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"threshold":0.9,"line_hashes":["105064538767946565337398519214479856787","118177348054607692228957837312719908662","191552652554875566014756358978076500233","149024308317787910602665500524029518127"]},"signature_type":"Line","target":{"file":"pgjdbc/src/main/java/org/postgresql/ssl/MakeSSL.java"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-5a7acd74","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"threshold":0.9,"line_hashes":["338650171237249186966863903787300345080","151092766617910071505210087011867609477","309665056626029339664491871200618391665","90615564188277283292967658230401432367","121240175271901900391337762927520645543","153469583615380959653249419035323075819","116865144532723521002117707774530989961","242525783600903278778696373213459998593","189624503096753410365579303373618329981","264480095332435089699772143145162971906","317171873722563787929998436855697622338"]},"signature_type":"Line","target":{"file":"pgjdbc/src/main/java/org/postgresql/util/ObjectFactory.java"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-ad7d8f08","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"threshold":0.9,"line_hashes":["229904242425970102597619072866087206080","190707747687592485866445628135263963712","235540626295633169561707113158385190104","242244592986707100051008614092602542493","465978947650663149661605697
68148022037","174870187326730878683490924940997913850","141201046363425609065448232308242857667","229079515841055361096975455813425246743"]},"signature_type":"Line","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/SocketFactoryFactory.java"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-b2551161","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"length":717,"function_hash":"332884536894667235821184075494630984673"},"signature_type":"Function","target":{"file":"pgjdbc/src/main/java/org/postgresql/util/ObjectFactory.java","function":"instantiate"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-d1c6ca31","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"threshold":0.9,"line_hashes":["66503424840584733458251601750372409661","174597814892594439636571041984062407092","104030770466586034485201533993165503113","224036711230398416415985865631825797976","289336234561907420986258651160307828821","98850025810154234432932198612748078617","81080676654946964497225467060361794558","40934962280104586082170245993597154436","188392370455379158597595050299131396130","71167797331723158813946506917815912310","210137953522200640621175449879169559039","253972741671819768950940124382102355587"]},"signature_type":"Line","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/AuthenticationPluginManager.java"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-e7154bfb","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813","digest":{"length":526,"function_hash":"165199549980941808397409680013137867879"},"signature_type":"Function","target":{"file":"pgjdbc/src/main/java/org/postgresql/ssl/LibPQFactory.java","function":"getCallbackHandler"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2022-21724-f786a486","source":"https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8
531d83d6af4c57f22312c813","digest":{"length":816,"function_hash":"85165579289778437657249445803341173866"},"signature_type":"Function","target":{"file":"pgjdbc/src/main/java/org/postgresql/core/v3/AuthenticationPluginManager.java","function":"withPassword"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21724.json","vanir_signatures_modified":"2026-04-11T18:44:56Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}