{"id":"CVE-2018-10936","details":"A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.","aliases":["GHSA-568q-9fw5-28wf"],"modified":"2026-01-30T07:10:44.690515Z","published":"2018-08-30T13:29:00.377Z","related":["SUSE-SU-2020:3466-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105220"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936"},{"type":"ADVISORY","url":"https://www.postgresql.org/about/news/1883/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pgjdbc/pgjdbc","events":[{"introduced":"0"},{"fixed":"a1a5ae4f2283d4557f36756d1a0228310a3acccb"}]}],"versions":["REL42.0.0","REL42.1.0","REL42.1.1","REL42.1.2","REL42.1.3","REL42.1.4","REL42.2.0","REL42.2.1","REL42.2.2","REL42.2.3","REL42.2.4","REL6_5","REL7_0","REL7_1","REL7_1_BETA","REL7_1_BETA2","REL7_1_BETA3","REL7_2","REL7_2_3","REL7_2_4","REL7_2_BETA1","REL7_2_BETA2","REL7_2_BETA3","REL7_2_BETA4","REL7_2_BETA5","REL7_2_RC1","REL7_2_RC2","REL7_4_BETA1","REL7_4_BETA2","REL7_4_BETA3","REL7_4_BETA4","REL7_4_BETA5","REL7_4_RC1","REL7_4_RC2","REL8_0_309","REL8_1_404","REL8_2_504","REL8_3_603","REL8_4_701","REL9.4.1207","REL9.4.1208","REL9.4.1209","REL9.4.1210","REL9.4.1211","REL9.4.1212","REL9_0_801","REL9_3_1100","REL9_4_1201","REL9_4_1202","REL9_4_1203","REL9_4_1204","REL9_4_1205","REL9_4_1206","release-6-3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10936.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}