postgresql is vulnerable to man-in-the-middle. Hostname verification for non-default SSL factories are not performed if the hostname verifier is not provided to the driver. This allows an attacker to masquerade as a trusted server by providing a certificate signed by a trusted CA.
www.securityfocus.com/bid/105220
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936
github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e4123099526e
lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
www.postgresql.org/about/news/1883/