CVE-2024-1597
Vulnerability from cvelistv5
Published
2024-02-19 12:58
Modified
2024-08-01 18:48
Severity ?
Summary
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
References
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007http://www.openwall.com/lists/oss-security/2024/04/02/6
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56Third Party Advisory
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/Mailing List, Third Party Advisory
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://security.netapp.com/advisory/ntap-20240419-0008/
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/Release Notes
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/04/02/6
af854a3a-2127-422b-91ae-364da2661108https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240419-0008/
af854a3a-2127-422b-91ae-364da2661108https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/Release Notes
af854a3a-2127-422b-91ae-364da2661108https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pgjdbc:pgjdbc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pgjdbc",
            "vendor": "pgjdbc",
            "versions": [
              {
                "lessThan": "42.7.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "42.6.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "42.5.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "42.4.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "42.3.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "42.2.28",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1597",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T04:00:36.120593Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T16:53:44.796Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:20.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240419-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pgjdbc",
          "vendor": "pgjdbc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 42.7.2"
            },
            {
              "status": "affected",
              "version": "\u003c 42.6.1"
            },
            {
              "status": "affected",
              "version": "\u003c 42.5.5"
            },
            {
              "status": "affected",
              "version": "\u003c 42.4.4"
            },
            {
              "status": "affected",
              "version": "\u003c 42.3.9"
            },
            {
              "status": "affected",
              "version": "\u003c 42.2.28"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "Client must run code with PreferQueryMode=Simple"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The pgjdbc project thanks Paul Gerste for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-18T19:07:03.652Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"
        },
        {
          "url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"
        },
        {
          "url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240419-0008/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"
        }
      ],
      "title": "pgjdbc SQL Injection via line comment generation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Don\u0027t use SimpleQuery mode"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2024-1597",
    "datePublished": "2024-02-19T12:58:48.620Z",
    "dateReserved": "2024-02-16T22:29:21.969Z",
    "dateUpdated": "2024-08-01T18:48:20.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-1597\",\"sourceIdentifier\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"published\":\"2024-02-19T13:15:07.740\",\"lastModified\":\"2024-11-21T08:50:54.813\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.\"},{\"lang\":\"es\",\"value\":\"pgjdbc, el controlador JDBC de PostgreSQL, permite al atacante inyectar SQL si usa PreferQueryMode=SIMPLE. Tenga en cuenta que este no es el valor predeterminado. En el modo predeterminado no hay vulnerabilidad. Un comod\u00edn para un valor num\u00e9rico debe ir precedido inmediatamente de un signo menos. Debe haber un segundo marcador de posici\u00f3n para un valor de cadena despu\u00e9s del primer marcador de posici\u00f3n; ambos deben estar en la misma l\u00ednea. Al construir un payload de cadena coincidente, el atacante puede inyectar SQL para alterar la consulta, evitando las protecciones que las consultas parametrizadas brindan contra los ataques de inyecci\u00f3n SQL. Las versiones anteriores a 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 y 42.2.8 se ven afectadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"42.2.28\",\"matchCriteriaId\":\"51F0F89A-760E-4592-B142-0A28A0BCD61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.3.0\",\"versionEndExcluding\":\"42.3.9\",\"matchCriteriaId\":\"9AF8DB08-81BB-48AD-85E5-B05220E49EA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.4.0\",\"versionEndExcluding\":\"42.4.4\",\"matchCriteriaId\":\"3453F9D3-2F9E-493F-8993-4F2A9B9E53F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.5.0\",\"versionEndExcluding\":\"42.5.5\",\"matchCriteriaId\":\"99C07B95-DBCC-4DB2-9896-2F7A98CEC91B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.6.0\",\"versionEndExcluding\":\"42.6.1\",\"matchCriteriaId\":\"F30ED3D3-46C8-49D8-BF6F-B804CF8FF02C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.7.0\",\"versionEndExcluding\":\"42.7.2\",\"matchCriteriaId\":\"8F88E552-40D4-4287-9357-00D352133ADC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/02/6\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"},{\"url\":\"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240419-0008/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"},{\"url\":\"https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/02/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240419-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.