PostgreSQL PL/Java CVE-2016-0768, CVE-2016-0767, CVE-2016-2192

There are 3 reported vulnerabilities for PostgreSQL (see subject for CVE numbers).

All are related to PL/Java; I’m not sure what’s included in the bundled installation of PostgreSQL. It appears that the installation is only listening on 127.0.0.1, so perhaps that in itself mitigates most of the possible risks. Is PL/Java included in the installation?

Hi

I took a look at the CVEs; however, they do not apply to our use of PostgreSQL. We don’t use PL/Java at all, and yes, we do bind the service to 127.0.0.1 only to avoid other non-local programs connecting to the instance.

Thanks for reporting them anyway, we’re always keen to make sure we do not leave our customers exposed.