CVE-2024-1597 - Vulnerability Details

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Fedoraproject	Fedora
Pgjdbc	Pgjdbc
Postgresql	Postgresql Jdbc Driver
Redhat	Apache Camel Spring Boot Camel K Enterprise Linux Openshift Serverless Quarkus Rhel Aus Rhel E4s Rhel Eus Rhel Tus Rhosemc

Configuration 1 [-]

OR	cpe:2.3:a:postgresql:postgresql_jdbc_driver::::::::
	cpe:2.3:a:postgresql:postgresql_jdbc_driver::::::::
	cpe:2.3:a:postgresql:postgresql_jdbc_driver::::::::
	cpe:2.3:a:postgresql:postgresql_jdbc_driver::::::::
	cpe:2.3:a:postgresql:postgresql_jdbc_driver::::::::
	cpe:2.3:a:postgresql:postgresql_jdbc_driver::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat build of Apache Camel 4.4.1 for Spring Boot
pgjdbc	cpe:/a:redhat:apache_camel_spring_boot:4.4.1	RHSA-2024:4884	2024-07-25T00:00:00Z
Red Hat build of Quarkus 3.2.11.Final
org.postgresql/postgresql:42.6.1.redhat-00001	cpe:/a:redhat:quarkus:3.2::el8	RHSA-2024:1662	2024-04-03T00:00:00Z
Red Hat Enterprise Linux 8
postgresql-jdbc-0:42.2.14-3.el8_9	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:1435	2024-03-20T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
postgresql-jdbc-0:42.2.3-5.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:2624	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
postgresql-jdbc-0:42.2.3-5.el8_2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2024:2624	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
postgresql-jdbc-0:42.2.3-5.el8_2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2024:2624	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
postgresql-jdbc-0:42.2.3-7.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:4375	2024-07-08T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
postgresql-jdbc-0:42.2.3-7.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:4375	2024-07-08T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
postgresql-jdbc-0:42.2.3-7.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:4375	2024-07-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
postgresql-jdbc-0:42.2.3-5.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2024:4402	2024-07-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
postgresql-jdbc-0:42.2.3-5.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2024:4402	2024-07-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
postgresql-jdbc-0:42.2.3-5.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2024:4402	2024-07-09T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
postgresql-jdbc-0:42.2.14-5.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:3313	2024-05-23T00:00:00Z
Red Hat Enterprise Linux 9
postgresql-jdbc-0:42.2.28-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:1436	2024-03-20T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
postgresql-jdbc-0:42.2.28-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:1999	2024-04-23T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
postgresql-jdbc-0:42.2.28-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:1649	2024-04-02T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-42	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:1686	2024-04-04T00:00:00Z
rh-sso-7/sso7-rhel8-operator-bundle:7.6.7-4	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:1686	2024-04-04T00:00:00Z
RHINT Camel-K 1.10.7
pgjdbc	cpe:/a:redhat:camel_k:1.10.7	RHSA-2024:5056	2024-08-06T00:00:00Z
RHOSS-1.33-RHEL-8
openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-data-index-postgresql-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-operator-bundle:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-rhel8-operator:1.33.0-3	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-swf-builder-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-swf-devmode-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/04/02/6
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/
https://nvd.nist.gov/vuln/detail/CVE-2024-1597
https://security.netapp.com/advisory/ntap-20240419-0008/
https://www.cve.org/CVERecord?id=CVE-2024-1597
https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/
https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/

History

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Pgjdbc Pgjdbc pgjdbc
CPEs		cpe:2.3:a:pgjdbc:pgjdbc::::::::
Vendors & Products		Pgjdbc Pgjdbc pgjdbc
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 07 Aug 2024 01:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat camel K
CPEs		cpe:/a:redhat:camel_k:1.10.7
Vendors & Products		Redhat camel K

MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published: 2024-02-19T12:58:48.620Z

Updated: 2025-02-13T17:32:18.226Z

Reserved: 2024-02-16T22:29:21.969Z

Link: CVE-2024-1597

Vulnrichment

Updated: 2024-08-01T18:48:20.658Z

NVD

Status : Modified

Published: 2024-02-19T13:15:07.740

Modified: 2024-11-21T08:50:54.813

Link: CVE-2024-1597

Redhat

Severity : Important

Publid Date: 2024-02-19T00:00:00Z

Links: CVE-2024-1597 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-1597", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2024-02-16T22:29:21.969Z", "datePublished": "2024-02-19T12:58:48.620Z", "dateUpdated": "2025-02-13T17:32:18.226Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2024-06-10T16:14:25.740Z"}, "title": "pgjdbc SQL Injection via line comment generation", "descriptions": [{"lang": "en", "value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected."}], "affected": [{"vendor": "pgjdbc", "product": "pgjdbc", "versions": [{"version": "< 42.7.2", "status": "affected"}, {"version": "< 42.6.1", "status": "affected"}, {"version": "< 42.5.5", "status": "affected"}, {"version": "< 42.4.4", "status": "affected"}, {"version": "< 42.3.9", "status": "affected"}, {"version": "< 42.2.28", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "type": "CWE", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "references": [{"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"}, {"url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"}, {"url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"}, {"url": "https://security.netapp.com/advisory/ntap-20240419-0008/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL"}}], "configurations": [{"lang": "en", "value": "Client must run code with PreferQueryMode=Simple"}], "workarounds": [{"lang": "en", "value": "Don't use SimpleQuery mode"}], "credits": [{"lang": "en", "value": "The pgjdbc project thanks Paul Gerste for reporting this problem."}]}, "adp": [{"affected": [{"vendor": "pgjdbc", "product": "pgjdbc", "cpes": ["cpe:2.3:a:pgjdbc:pgjdbc:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "42.7.2", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "42.6.1", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "42.5.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "42.4.4", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "42.3.9", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "42.2.28", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-10T04:00:36.120593Z", "id": "CVE-2024-1597", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T16:53:44.796Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:20.658Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", "tags": ["x_transferred"]}, {"url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", "tags": ["x_transferred"]}, {"url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240419-0008/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/02/6", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", "tags": ["x_transferred"]}, {"url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", "tags": ["x_transferred"]}, {"url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240419-0008/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/02/6", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:20.658Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1597", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-10T04:00:36.120593Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:pgjdbc:pgjdbc:*:*:*:*:*:*:*:*"], "vendor": "pgjdbc", "product": "pgjdbc", "versions": [{"status": "affected", "version": "0", "lessThan": "42.7.2", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "42.6.1", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "42.5.5", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "42.4.4", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "42.3.9", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "42.2.28", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T16:51:07.958Z"}}], "cna": {"title": "pgjdbc SQL Injection via line comment generation", "credits": [{"lang": "en", "value": "The pgjdbc project thanks Paul Gerste for reporting this problem."}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pgjdbc", "product": "pgjdbc", "versions": [{"status": "affected", "version": "< 42.7.2"}, {"status": "affected", "version": "< 42.6.1"}, {"status": "affected", "version": "< 42.5.5"}, {"status": "affected", "version": "< 42.4.4"}, {"status": "affected", "version": "< 42.3.9"}, {"status": "affected", "version": "< 42.2.28"}]}], "references": [{"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"}, {"url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"}, {"url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"}, {"url": "https://security.netapp.com/advisory/ntap-20240419-0008/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"}], "workarounds": [{"lang": "en", "value": "Don't use SimpleQuery mode"}], "descriptions": [{"lang": "en", "value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "configurations": [{"lang": "en", "value": "Client must run code with PreferQueryMode=Simple"}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2024-06-10T16:14:25.740Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1597", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:32:18.226Z", "dateReserved": "2024-02-16T22:29:21.969Z", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "datePublished": "2024-02-19T12:58:48.620Z", "assignerShortName": "PostgreSQL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "51F0F89A-760E-4592-B142-0A28A0BCD61F", "versionEndExcluding": "42.2.28", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AF8DB08-81BB-48AD-85E5-B05220E49EA6", "versionEndExcluding": "42.3.9", "versionStartIncluding": "42.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "3453F9D3-2F9E-493F-8993-4F2A9B9E53F2", "versionEndExcluding": "42.4.4", "versionStartIncluding": "42.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "99C07B95-DBCC-4DB2-9896-2F7A98CEC91B", "versionEndExcluding": "42.5.5", "versionStartIncluding": "42.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F30ED3D3-46C8-49D8-BF6F-B804CF8FF02C", "versionEndExcluding": "42.6.1", "versionStartIncluding": "42.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F88E552-40D4-4287-9357-00D352133ADC", "versionEndExcluding": "42.7.2", "versionStartIncluding": "42.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected."}, {"lang": "es", "value": "pgjdbc, el controlador JDBC de PostgreSQL, permite al atacante inyectar SQL si usa PreferQueryMode=SIMPLE. Tenga en cuenta que este no es el valor predeterminado. En el modo predeterminado no hay vulnerabilidad. Un comod\u00edn para un valor num\u00e9rico debe ir precedido inmediatamente de un signo menos. Debe haber un segundo marcador de posici\u00f3n para un valor de cadena despu\u00e9s del primer marcador de posici\u00f3n; ambos deben estar en la misma l\u00ednea. Al construir un payload de cadena coincidente, el atacante puede inyectar SQL para alterar la consulta, evitando las protecciones que las consultas parametrizadas brindan contra los ataques de inyecci\u00f3n SQL. Las versiones anteriores a 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 y 42.2.8 se ven afectadas."}], "id": "CVE-2024-1597", "lastModified": "2024-11-21T08:50:54.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-19T13:15:07.740", "references": [{"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Third Party Advisory"], "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://security.netapp.com/advisory/ntap-20240419-0008/"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Release Notes"], "url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Third Party Advisory"], "url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240419-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4884", "cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.4.1", "impact": "low", "package": "pgjdbc", "product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:1662", "cpe": "cpe:/a:redhat:quarkus:3.2::el8", "package": "org.postgresql/postgresql:42.6.1.redhat-00001", "product_name": "Red Hat build of Quarkus 3.2.11.Final", "release_date": "2024-04-03T00:00:00Z"}, {"advisory": "RHSA-2024:1435", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql-jdbc-0:42.2.14-3.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-03-20T00:00:00Z"}, {"advisory": "RHSA-2024:2624", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "postgresql-jdbc-0:42.2.3-5.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2624", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "postgresql-jdbc-0:42.2.3-5.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2624", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "postgresql-jdbc-0:42.2.3-5.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:4375", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql-jdbc-0:42.2.3-7.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4375", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql-jdbc-0:42.2.3-7.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4375", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql-jdbc-0:42.2.3-7.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4402", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "postgresql-jdbc-0:42.2.3-5.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4402", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "postgresql-jdbc-0:42.2.3-5.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4402", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "postgresql-jdbc-0:42.2.3-5.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:3313", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql-jdbc-0:42.2.14-5.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:1436", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql-jdbc-0:42.2.28-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-03-20T00:00:00Z"}, {"advisory": "RHSA-2024:1999", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "postgresql-jdbc-0:42.2.28-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-04-23T00:00:00Z"}, {"advisory": "RHSA-2024:1649", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql-jdbc-0:42.2.28-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-04-02T00:00:00Z"}, {"advisory": "RHSA-2024:1686", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso76-openshift-rhel8:7.6-42", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:1686", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso7-rhel8-operator-bundle:7.6.7-4", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-04-04T00:00:00Z"}, {"advisory": "RHSA-2024:5056", "cpe": "cpe:/a:redhat:camel_k:1.10.7", "package": "pgjdbc", "product_name": "RHINT Camel-K 1.10.7", "release_date": "2024-08-06T00:00:00Z"}, {"advisory": "RHSA-2024:4057", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:4057", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/logic-data-index-postgresql-rhel8:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:4057", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:4057", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:4057", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:4057", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/logic-operator-bundle:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:4057", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/logic-rhel8-operator:1.33.0-3", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:4057", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/logic-swf-builder-rhel8:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:4057", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/logic-swf-devmode-rhel8:1.33.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-06-24T00:00:00Z"}], "bugzilla": {"description": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", "id": "2266523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266523"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-89", "details": ["pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.", "A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value."], "mitigation": {"lang": "en:us", "value": "Do not use the connection propertypreferQueryMode=simple. If you do not explicitly specify a query mode, then you are using the default of extended and are not impacted by this issue."}, "name": "CVE-2024-1597", "package_state": [{"cpe": "cpe:/a:redhat:camel_quarkus:3", "fix_state": "Will not fix", "package_name": "pgjdbc", "product_name": "Red Hat build of Apache Camel 4 for Quarkus 3"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Affected", "impact": "low", "package_name": "pgjdbc", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Not affected", "package_name": "pgjdbc", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Affected", "package_name": "pgjdbc", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Will not fix", "package_name": "pgjdbc", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Affected", "package_name": "org.postgresql/postgresql", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "postgresql-jdbc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "postgresql-jdbc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/postgresql-jdbc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/postgresql-jdbc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "impact": "low", "package_name": "pgjdbc", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Will not fix", "package_name": "pgjdbc", "product_name": "Red Hat Integration Camel Quarkus 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "pgjdbc", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "pgjdbc", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "impact": "low", "package_name": "candlepin", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "postgresql-jdbc", "product_name": "Red Hat Virtualization 4"}], "public_date": "2024-02-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-1597\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1597\nhttps://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\nhttps://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\nhttps://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"], "statement": "The PostgreSQL JDBC Driver is not affected in the default query mode. Users that do not override the query mode are not impacted.\nThe described SQL injection vulnerability, while significant, is categorized as important rather than critical due to several factors. Firstly, the exploitation relies on specific conditions, including the use of a non-default query mode (preferQueryMode=simple) and the precise arrangement of user-controlled parameters within the SQL query. This limits the potential attack surface and reduces the likelihood of widespread exploitation across systems. Additionally, the vulnerability does not pose an immediate and severe risk of system compromise or data breach; rather, it enables attackers to manipulate SQL queries and potentially execute arbitrary commands within the context of the application's database. Furthermore, the vulnerability can be effectively mitigated by applying the provided patch or by avoiding the use of the vulnerable query mode, thus reducing the risk of exploitation.\nRed Hat Satellite ships a PostgreSQL JDBC Driver which embeds into Candlepin. However, Candlepin doesn't directly utilize the PostgreSQL JDBC Driver and doesn't set PreferQueryMode. Therefore, although the affected component is shipped, the product impact is considered Low. This issue may be addressed in a future Satellite release.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object