postgresql-jdbc is vulnerable to arbitrary file writes. The vulnerability exists because the connection properties for configuring a pgjdbc connection are exposed which allows an attacker to specify arbitrary connection properties could lead to a compromise of a system.
access.redhat.com/documentation/en-us/red_hat_fuse/7.11/
access.redhat.com/errata/RHSA-2022:5532
access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.11.0
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2064007
github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc
github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
jdbc.postgresql.org/documentation/changelog.html#version_42.3.3
jdbc.postgresql.org/documentation/head/tomcat.html
www.debian.org/security/2022/dsa-5196