{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-1597", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2024-02-16T22:29:21.969Z", "datePublished": "2024-02-19T12:58:48.620Z", "dateUpdated": "2024-04-18T19:07:03.652Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2024-04-18T19:07:03.652Z"}, "title": "pgjdbc SQL Injection via line comment generation", "descriptions": [{"lang": "en", "value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected."}], "affected": [{"vendor": "pgjdbc", "product": "pgjdbc", "versions": [{"version": "< 42.7.2", "status": "affected"}, {"version": "< 42.6.1", "status": "affected"}, {"version": "< 42.5.5", "status": "affected"}, {"version": "< 42.4.4", "status": "affected"}, {"version": "< 42.3.9", "status": "affected"}, {"version": "< 42.2.28", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "type": "CWE", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "references": [{"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"}, {"url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"}, {"url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"}, {"url": "https://security.netapp.com/advisory/ntap-20240419-0008/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL"}}], "configurations": [{"lang": "en", "value": "Client must run code with PreferQueryMode=Simple"}], "workarounds": [{"lang": "en", "value": "Don't use SimpleQuery mode"}], "credits": [{"lang": "en", "value": "The pgjdbc project thanks Paul Gerste for reporting this problem."}]}}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "51F0F89A-760E-4592-B142-0A28A0BCD61F", "versionEndExcluding": "42.2.28", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AF8DB08-81BB-48AD-85E5-B05220E49EA6", "versionEndExcluding": "42.3.9", "versionStartIncluding": "42.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "3453F9D3-2F9E-493F-8993-4F2A9B9E53F2", "versionEndExcluding": "42.4.4", "versionStartIncluding": "42.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "99C07B95-DBCC-4DB2-9896-2F7A98CEC91B", "versionEndExcluding": "42.5.5", "versionStartIncluding": "42.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F30ED3D3-46C8-49D8-BF6F-B804CF8FF02C", "versionEndExcluding": "42.6.1", "versionStartIncluding": "42.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F88E552-40D4-4287-9357-00D352133ADC", "versionEndExcluding": "42.7.2", "versionStartIncluding": "42.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected."}, {"lang": "es", "value": "pgjdbc, el controlador JDBC de PostgreSQL, permite al atacante inyectar SQL si usa PreferQueryMode=SIMPLE. Tenga en cuenta que este no es el valor predeterminado. En el modo predeterminado no hay vulnerabilidad. Un comod\u00edn para un valor num\u00e9rico debe ir precedido inmediatamente de un signo menos. Debe haber un segundo marcador de posici\u00f3n para un valor de cadena despu\u00e9s del primer marcador de posici\u00f3n; ambos deben estar en la misma l\u00ednea. Al construir un payload de cadena coincidente, el atacante puede inyectar SQL para alterar la consulta, evitando las protecciones que las consultas parametrizadas brindan contra los ataques de inyecci\u00f3n SQL. Las versiones anteriores a 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 y 42.2.8 se ven afectadas."}], "id": "CVE-2024-1597", "lastModified": "2024-06-10T17:16:17.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}]}, "published": "2024-02-19T13:15:07.740", "references": [{"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Third Party Advisory"], "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://security.netapp.com/advisory/ntap-20240419-0008/"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Release Notes"], "url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Third Party Advisory"], "url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}]}

{}