Is payara subsceptible to CVE-2022-31197


Is Payara susceptible to this CVE-2022-31197?

So I guess the question is if in JPA/ecpliselink the ResultSet.refreshRow() is called?

gr. Hans

If it’s specific to PostGres, then with a pure default setup no - we don’t bundle a PostGres JDBC driver. The flaw appears to be specific to the PostGreSQL JDBC Driver, of which they’ve already released a patched version (as of August 3rd).