> On 08/11/2022 11:50 CET Cedric Aaron Towstyka > <cedric-aaron.towst...@barmenia.de> wrote: > > the german bureau for IT-Security "BSI" (Bundesamt für Sicherheit in der > Informationstechnik) has issued a warning for CVE CVE-2022-42889with the name > commons-text. Insurance companies are obliged to analyse the installed > software for vulnerabilities of this type. As the Barmenia is using your > product PostgreSQL Server it is necessary to obtain all information regarding > any vulnerability against above CVE. We kindly ask you to provide information > if the above product is affected by the CVE and if yes, when a fix will be > available.
Postgres does not use Java and should not be affected. Maybe if you use PL/Java[1]. This CVE reminds me of Log4j from last year[2]. [1] https://tada.github.io/pljava/ [2] https://www.postgresql.org/message-id/flat/30390f0b07fd4d90b1aacb683ebfae45%40pictet.com -- Erik
