Describe the security issue
Security scans utilizing Tenable.io and Nessus Pro keep reporting [https://github.com/advisories/GHSA-562r-vg33-8x8h]
Vulnerability Location
This is in the main codebase with the docker image
Environment (please complete the following information if it is applicable to the issue)
OS: docker
Java Distribution/Version: OpenJDK 17.0.6
Connect Version: 4.3
Suggested remediation
Recommendation is to update the driver to 42.2.27 or greater
Additional context
The remote host contains a version of PostgreSQL JDBC Driver that is 42.2.x prior to 42.2.27, 42.3.x prior to 42.3.8, 42.4.x prior to 42.4.3 or 42.5.x prior to 42.5.1. It is, therefore, affected by an information disclosure vulnerability.
SQL queries using prepared statements that total more than 51 kilobytes will be written to the system temporary directory where they can be read by any local user of the system.
Risk Information
RISK FACTOR: Medium
CVSS BASE SCORE: 4.6
CVSS TEMPORAL SCORE: 3.4
CVSS VECTOR: AV:L/AC:L/Au:S/C:C/I:N/A:N
CVSS TEMPORAL VECTOR: E:U/RL:OF/RC:C
CVSS3 BASE SCORE: 5.5
CVSS3 TEMPORAL SCORE: 4.8
CVSS3 VECTOR: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS3 TEMPORAL VECTOR: E:U/RL:O/RC:C
IVAM SEVERITY: I
Scan output -
Path : /var/lib/docker/overlay2/00ed3fe318648ee5e2b7f874ecc81624ba002ee805aef17437f8515ccc98de7a/diff/opt/connect/server-lib/database/postgresql-42.2.19.jar
Installed version : 42.2.19
Fixed version : 42.2.27
Path : /var/lib/docker/overlay2/29ece69f535e91d11e8e7abe1f783d8c937e7b1b6d29781f46ec8e72ddd3a453/merged/opt/connect/server-lib/database/postgresql-42.2.19.jar
Installed version : 42.2.19
Fixed version : 42.2.27
Path : /var/lib/docker/overlay2/583ec33151e4a95114610d97f210172f14a681659238934e76c11c3e1569753e/diff/opt/connect/server-lib/database/postgresql-42.2.19.jar
Installed version : 42.2.19
Fixed version : 42.2.27